Changelog for vpn-client-2.2.0-alpha-1


------------------------------------------------------------------------
r1266 | mgrooms | 2008-10-23 19:05:34 -0500 (Thu, 23 Oct 2008) | 1 line

Fix a critical bug in the libvflt forward lookup cache. The entry time
stamps were not being evaluated correctly which led to permanent entries
in the cache. These entries could only be cleared by restarting the
affected service.
------------------------------------------------------------------------
r1264 | mgrooms | 2008-10-23 18:58:53 -0500 (Thu, 23 Oct 2008) | 1 line

Minor cleanup in the dtpd recv path. Do not resolve the MAC header
manually. This is handled by the IP packet functions.
------------------------------------------------------------------------
r1262 | mgrooms | 2008-10-23 07:13:03 -0500 (Thu, 23 Oct 2008) | 1 line

Avoid the lengthy route lookup process in dtpd when receiving DNS server
add messages on windows platforms. Instead, modify the message to
include an interface address parameter which is known by the caller.
------------------------------------------------------------------------
r1260 | mgrooms | 2008-10-23 06:16:59 -0500 (Thu, 23 Oct 2008) | 1 line

Work around a really frustrating issue in dtpd where the windows
GetBestRoute function can take many seconds ( 6+ in my testing ) to
return a route after it has been properly added. Not much we can do
except to bump up the retry count and be patient while windows plays
dumb.
------------------------------------------------------------------------
r1257 | mgrooms | 2008-10-22 21:44:30 -0500 (Wed, 22 Oct 2008) | 1 line

Add support for PPP Dialup adapters on NDIS 6 platforms. This differs
somewhat from the NDIS 5 IM drivers due to differences in the private
protocol data that is passed in WANLINE messages. Instead of using the
IP address to locate the appropriate adapter, use a derivative of the
device name for matching. This was tested between Vista and a local
FreeBSD PPP server.
------------------------------------------------------------------------
r1255 | mgrooms | 2008-10-17 01:44:30 -0500 (Fri, 17 Oct 2008) | 1 line

Update the NDIS 6 inf driver date.
------------------------------------------------------------------------
r1253 | mgrooms | 2008-10-17 01:39:39 -0500 (Fri, 17 Oct 2008) | 1 line

Modify the NDIS 6 virtual network driver to support explicit link state
change messages. This functionality was added to the NDIS 5 drivers some
time ago. These changes resolved issues with DNS configuration after
connection time on 2000/XP. Hopefully this will help with similar issues
with Vista that were reported recently by Noach Sumner.
------------------------------------------------------------------------
r1252 | mgrooms | 2008-10-16 09:33:49 -0500 (Thu, 16 Oct 2008) | 5 lines

Add an option to the windows Access Manager application to automatically
check for available software updates at a specified interval. This is
accomplished by using an http request to a Shrew Soft update server. If
an update is available, a description is displayed to the user in the
form of a popup window along with an option to visit the software
download page.

Add code to the windows Access Manager application which updates a site
configuration from version 2 to version 3. This is to prevent errors
from occurring in VPN Connect due to DNS suffix option modifications
made in a recent commit. Similar update logic will need to be added to
the unix Access Manager variant. While here, correct a few window state
change problems in the site confirmation editor tabs.

Add a workaround for an issue which caused the About dialog window license
text to be selected in both the Access Manager and VPN Trace
applications.
------------------------------------------------------------------------
r1251 | mgrooms | 2008-10-13 01:31:04 -0500 (Mon, 13 Oct 2008) | 1 line

Modify the Windows Access Manager and VPN Connect applications to allow
the DNS suffix automatic setting to be specified separately from
the DNS server options.
------------------------------------------------------------------------
r1247 | mgrooms | 2008-10-11 18:47:15 -0500 (Sat, 11 Oct 2008) | 1 line

Correct a bug in the VPN Connect application where a host name is
treated as an IP address if the leading character is a numeric digit.
Issue reported by Daniel P.
------------------------------------------------------------------------
r1246 | mgrooms | 2008-10-10 09:28:51 -0500 (Fri, 10 Oct 2008) | 1 line

Add support for up to four DNS server and two WINS server addresses to
the windows Access Manager application. Support for multiple name server
addresses has existed in iked for quite some time so no changes are
required. A similar modification to the unix variant of these
applications will be included in a follow up commit.
------------------------------------------------------------------------
r1245 | mgrooms | 2008-10-09 21:31:03 -0500 (Thu, 09 Oct 2008) | 3 lines

Add a new virtual adapter option to the windows Access Manager and VPN
Connect applications. This allows a randomized virtual address to be
selected from a specified subnet. Using this option has some serious
drawbacks. Without the ability to send ARP packets over an IPsec
connection, it is impossible to detect and resolve address selection
conflicts. However, when a large address pool is used, the odds of
multiple clients selecting an identical virtual adapter address are
considerably lower than the possibility of multiple clients having
identical public address when behind a SOHO router performing NAT. Most
of these routers tend to use the same private network definitions by
default and are never changed.

Update the windows VPN Connect application to only set the xconf request
flag when an option is to be negotiated. Setting the option flag
directly denotes that an option is statically configured. The Unix
variant ikec will need to be updated to reflect this change.
------------------------------------------------------------------------
r1244 | mgrooms | 2008-10-08 00:22:28 -0500 (Wed, 08 Oct 2008) | 1 line

Note the connection time in the Windows VPN Connect application. Show
the elapsed time in a system tray tooltip. When minimizing to the system
tray after connecting, show a balloon tooltip that states the connection
has been established.
------------------------------------------------------------------------
r1242 | mgrooms | 2008-10-07 08:12:58 -0500 (Tue, 07 Oct 2008) | 1 line

Remove some invalid single quotes from the NSIS installer scripts
that were causing problems with x64 NDIS5 driver installs.
------------------------------------------------------------------------
r1240 | mgrooms | 2008-10-07 07:24:04 -0500 (Tue, 07 Oct 2008) | 1 line

When the windows NSIS installer script detects a reboot is required,
don't start the network services. They will be restarted after the
reboot.
------------------------------------------------------------------------
r1238 | mgrooms | 2008-10-07 06:58:10 -0500 (Tue, 07 Oct 2008) | 1 line

Modify the windows installation helper applications to detect when
windows thinks a system should be rebooted after installation. Update
the NSIS installer scripts to set the reboot flag accordingly. I suspect
this may resolve most of the remaining install issues that have been
reported by users.
------------------------------------------------------------------------
r1237 | mgrooms | 2008-10-07 05:28:48 -0500 (Tue, 07 Oct 2008) | 1 line

Modify libvnet to use asynchronous IO when communicating with the vnet
kernel driver. This avoids blocking when multiple threads attempt to use
the same file descriptor for simultaneous operations. For example, it
significantly reduces the tunnel setup and shutdown time for windows
clients that use a large number of security policies.
------------------------------------------------------------------------
r1236 | mgrooms | 2008-10-06 21:52:25 -0500 (Mon, 06 Oct 2008) | 1 line

Make some minor modifications to the service log output colorization in
the VPN Trace application.
------------------------------------------------------------------------
r1234 | mgrooms | 2008-10-01 12:12:27 -0500 (Wed, 01 Oct 2008) | 1 line

Disable a few debug printf statements in the windows libip route class
constructor.
------------------------------------------------------------------------
r1233 | mgrooms | 2008-09-29 23:51:39 -0500 (Mon, 29 Sep 2008) | 1 line

Modify the windows ipsec trace application to load log files a bit
faster.
------------------------------------------------------------------------
r1231 | mgrooms | 2008-09-29 08:13:47 -0500 (Mon, 29 Sep 2008) | 3 lines

When searching for a security policy in ipsecd, consider the policy
type. This corrects an issue where we are attempting to process a packet
using IPsec but we are returned a NONE policy which is invalid. This
problem was identified when ipsecd spoofed an ARP request for a packet
destined to our default gateway which was also an IPsec gateway.

Correct a bug in ipsecd where the source address was being logged
instead of the destination address while processing ARP packets.
------------------------------------------------------------------------
r1230 | mgrooms | 2008-09-26 00:53:03 -0500 (Fri, 26 Sep 2008) | 1 line

Remove the windows specific code used to stop and start the caching DNS
resolver service. This is no longer used.
------------------------------------------------------------------------
r1224 | mgrooms | 2008-09-02 03:45:13 -0500 (Tue, 02 Sep 2008) | 1 line

Hack a private openssl header file to be compatible with newer SDK
versions.
------------------------------------------------------------------------
r1223 | mgrooms | 2008-09-02 03:44:20 -0500 (Tue, 02 Sep 2008) | 3 lines

Now that we are using the vista compatible SDK header files, downgrade
the NT version so that our GUI components will continue to function.

Update the windows libip route class to look up interface route metrics.
The metric is used when creating routes on vista platforms. Since this
is a vista only function, we are forced to check the OS version and
manually obtain the lib procedure address at runtime. This replaces a
gruesome hack that determined a valid route metric by brute force.
------------------------------------------------------------------------
r1222 | mgrooms | 2008-08-30 22:05:20 -0500 (Sat, 30 Aug 2008) | 1 line

Modify the libip IPROUTE class to use the IPROUTE_ENTRY structure as a
parameter instead of passing many individual parameters. Modify all
private windows consumers to honor this change.
------------------------------------------------------------------------
r1220 | mgrooms | 2008-08-23 09:02:10 -0500 (Sat, 23 Aug 2008) | 1 line

Make sure we set the version number for new site configurations in the
windows access manager.
------------------------------------------------------------------------
r1218 | mgrooms | 2008-08-16 20:45:41 -0500 (Sat, 16 Aug 2008) | 1 line

Update the installer scripts to support all known MS Windows operating
systems. If the installer cannot detect the operating system type, fail
the installation instead of assuming it is an NDIS 5 compatible
platform.
------------------------------------------------------------------------
r1213 | mgrooms | 2008-07-01 00:06:46 -0500 (Tue, 01 Jul 2008) | 1 line

Correct some problems with VPN Trace. This was caused by invalid casts
to types that were not appropriate for 64bit pointers.
------------------------------------------------------------------------
r1210 | mgrooms | 2008-06-30 21:17:03 -0500 (Mon, 30 Jun 2008) | 1 line

Correct two major bugs in the NDIS 6 filter driver receive path. After
modifying the net buffer list linked list, the original list count was
being passed instead of the modified list count. This was causing
problems when used with NDIS 6 miniport drivers that pass more than a
single net buffer list in a linked list. Thanks to Joerg De La Haye and
Matthew Carle for reporting this problem. Also, revert any changes made
to a net buffer list before returning when NDIS_TEST_RECEIVE_CANNOT_PEND
is true.
------------------------------------------------------------------------