------------------------------------------------------------------------
r1209 | mgrooms | 2008-06-19 20:06:25 -0500 (Thu, 19 Jun 2008) | 1 line

Branch for 2.1.0 release.
------------------------------------------------------------------------
r1208 | mgrooms | 2008-06-19 09:01:57 -0500 (Thu, 19 Jun 2008) | 1 line

Fix a few grammatical errors in our help documentation.
------------------------------------------------------------------------
r1206 | mgrooms | 2008-06-19 08:52:13 -0500 (Thu, 19 Jun 2008) | 1 line

Cleanup a few help documentation sections.
------------------------------------------------------------------------
r1204 | mgrooms | 2008-06-19 08:11:34 -0500 (Thu, 19 Jun 2008) | 1 line

Make some minor changes to the help documentation format and remove the
vpnhelp.h dependency from the GUI application. It wasn't being used.
------------------------------------------------------------------------
r1202 | mgrooms | 2008-06-19 07:34:34 -0500 (Thu, 19 Jun 2008) | 1 line

Update VPN Trace application icon file to contain the improved image
set. This was missed in a previous commit.
------------------------------------------------------------------------
r1200 | mgrooms | 2008-06-19 07:04:01 -0500 (Thu, 19 Jun 2008) | 1 line

Create 2.1 maintenance branch.
------------------------------------------------------------------------
r1193 | mgrooms | 2008-06-18 06:26:54 -0500 (Wed, 18 Jun 2008) | 1 line

Correct a bug in VPN Trace where a bitmap resource definition was
missing.
------------------------------------------------------------------------
r1192 | mgrooms | 2008-06-18 06:23:29 -0500 (Wed, 18 Jun 2008) | 1 line

Ensure all Access Manager dialogs use the correct tab order for easier
keyboard navigation.
------------------------------------------------------------------------
r1191 | mgrooms | 2008-06-18 06:19:09 -0500 (Wed, 18 Jun 2008) | 1 line

Restore the VPN Connect behavior of auto-focusing on either the username
or password text edit control when the application initializes.
------------------------------------------------------------------------
r1190 | mgrooms | 2008-06-18 06:07:45 -0500 (Wed, 18 Jun 2008) | 1 line

Fix a bug in the VPN Connect display output that caused an extra
"bringing up tunnel ..." message to be printed right before a manual
disconnect.
------------------------------------------------------------------------
r1189 | mgrooms | 2008-06-18 05:15:24 -0500 (Wed, 18 Jun 2008) | 3 lines

Resize the rebar windows in the Access Manager and Trace applications to
be a bit more visually pleasing.

Correct a regression on Windows 2000 that occurred after fixing the
return value issue with the generic IPC send path. This version of
windows behaves a bit differently.
------------------------------------------------------------------------
r1188 | mgrooms | 2008-06-18 04:12:44 -0500 (Wed, 18 Jun 2008) | 1 line

Modify the tab child window resize code in the Windows Access Manager
and VPN connect applications to correctly size dialogs to the tab window
area. The dialogs do not use the correct background color to match the
tab area but this will have to be corrected later.
------------------------------------------------------------------------
r1187 | mgrooms | 2008-06-18 00:57:05 -0500 (Wed, 18 Jun 2008) | 1 line

Correct a visual bug in the Windows Access Manager application. The
rebar height was not being calculated correctly which could leave a
blank space between it and the listview window. This bug is only visible
now that we specifically initialize common controls version 6.
------------------------------------------------------------------------
r1186 | mgrooms | 2008-06-18 00:06:35 -0500 (Wed, 18 Jun 2008) | 1 line

Implement a fix for configuration file string parsing that prevented
certain characters from being read properly. This was reported by Karl
Rhenius.
------------------------------------------------------------------------
r1185 | mgrooms | 2008-06-18 00:04:27 -0500 (Wed, 18 Jun 2008) | 1 line

Remove an icon file dependency from the VPN Connect application that was
removed in the last commit.
------------------------------------------------------------------------
r1184 | mgrooms | 2008-06-17 23:15:32 -0500 (Tue, 17 Jun 2008) | 1 line

Add a new version of the new icon sets that have an alpha transparency
channel. This style of bitmap is preferable for hosts running XP or
later versions of the Windows operating system. The Access Manager,
Connect and Trace applications were updated to use the improved icons.
Run time checks were introduced to use non alpha transparent icons on
Windows 2000.
------------------------------------------------------------------------
r1183 | mgrooms | 2008-06-14 23:17:17 -0500 (Sat, 14 Jun 2008) | 1 line

Update driver inf version dates to satisfy driver signability checks.
------------------------------------------------------------------------
r1182 | mgrooms | 2008-06-14 22:17:53 -0500 (Sat, 14 Jun 2008) | 1 line

Update our windows install directory to include the MS issued Verisign
cross certificate.
------------------------------------------------------------------------
r1181 | mgrooms | 2008-06-14 22:04:09 -0500 (Sat, 14 Jun 2008) | 2 lines

Update our private zlib to be built with MSVC 2005 SP1.

------------------------------------------------------------------------
r1180 | mgrooms | 2008-06-14 21:16:41 -0500 (Sat, 14 Jun 2008) | 1 line

Update the iked and ipsecd project build files to exclude the shlwapi
library dependency.
------------------------------------------------------------------------
r1179 | mgrooms | 2008-06-14 21:15:28 -0500 (Sat, 14 Jun 2008) | 1 line

Update our private VC80 C runtime libraries to MSVC 2005 SP1.
------------------------------------------------------------------------
r1178 | mgrooms | 2008-06-14 21:14:32 -0500 (Sat, 14 Jun 2008) | 1 line

Update our private openssl version to 0.9.8h built with MSVC 2005 SP1.
------------------------------------------------------------------------
r1177 | mgrooms | 2008-06-14 07:40:07 -0500 (Sat, 14 Jun 2008) | 1 line

Split the release build batch file into two scripts. One that packages
and signs the drivers and one that packages and signs the installer
binaries.
------------------------------------------------------------------------
r1176 | mgrooms | 2008-06-14 03:53:46 -0500 (Sat, 14 Jun 2008) | 1 line

Add a new batch file that automatically generates a release installer
for all platforms. Modify the NSIS installer scripts to install the
generated driver catalog files.
------------------------------------------------------------------------
r1175 | mgrooms | 2008-06-13 07:17:00 -0500 (Fri, 13 Jun 2008) | 1 line

Fix issues with non debug builds of the NDIS 6 drivers.
------------------------------------------------------------------------
r1174 | mgrooms | 2008-06-13 05:57:40 -0500 (Fri, 13 Jun 2008) | 4 lines

Modify the driver and device install utilities to accept a relative inf
path name.

Correct some Windows build environment issues.

------------------------------------------------------------------------
r1173 | mgrooms | 2008-06-13 05:51:47 -0500 (Fri, 13 Jun 2008) | 1 line

Modify the NSIS installers to not install driver catalog files. We have
no signed drivers at the moment so they are really of no use.
------------------------------------------------------------------------
r1172 | mgrooms | 2008-06-13 05:44:39 -0500 (Fri, 13 Jun 2008) | 1 line

Modify the NDIS 6 filter driver to implement a FilterStatus handler.
Even though this is marked as an optional function in the documentation
and they discourage its use, it appears to be necessary when filtering
NDIS 6 Miniports. Also perform some minor code cleanups and make it
compile without the debug flag enabled.
------------------------------------------------------------------------
r1171 | mgrooms | 2008-06-10 08:48:08 -0500 (Tue, 10 Jun 2008) | 1 line

Correct the NSIS scripts to install NDIS 6 virtual network drivers on
Vista. I'm not sure how this happened.
------------------------------------------------------------------------
r1170 | mgrooms | 2008-06-10 04:24:08 -0500 (Tue, 10 Jun 2008) | 3 lines

Correct a problem in ipsecd where divert rules were not being cleaned up
after an IPsec SA expired. Explicitly deleted SAs were cleaned up
properly.

Modify the Windows VPN Connect application to honor the new DPD
parameters.
------------------------------------------------------------------------
r1169 | mgrooms | 2008-06-07 00:26:22 -0500 (Sat, 07 Jun 2008) | 1 line

Bring the VPN Client Administrators Guide up to date with the 2.1.0
release.
------------------------------------------------------------------------
r1168 | mgrooms | 2008-06-01 02:32:34 -0500 (Sun, 01 Jun 2008) | 1 line

Update the windows GUI about windows and add the new brand logo.
------------------------------------------------------------------------
r1167 | mgrooms | 2008-06-01 00:34:47 -0500 (Sun, 01 Jun 2008) | 1 line

Modify a new windows icon set to have more color saturation. Include
high color application icons with 8 bit alpha channels. This improves
the presentation on windows XP and Vista.
------------------------------------------------------------------------
r1166 | mgrooms | 2008-05-31 07:10:33 -0500 (Sat, 31 May 2008) | 1 line

Update windows applications to use a improved icon set. Donated by
Daniel Walter Scott.
------------------------------------------------------------------------
r1165 | mgrooms | 2008-05-31 00:13:48 -0500 (Sat, 31 May 2008) | 1 line

Update NSIS to use install and uninstall icons.
------------------------------------------------------------------------
r1164 | mgrooms | 2008-05-30 23:34:38 -0500 (Fri, 30 May 2008) | 1 line

Add initial NSIS install and uninstall icons.
------------------------------------------------------------------------
r1163 | mgrooms | 2008-05-30 20:16:31 -0500 (Fri, 30 May 2008) | 1 line

Add custom images for the windows NSIS installer to make it more brand
specific.
------------------------------------------------------------------------
r1162 | mgrooms | 2008-05-29 10:00:10 -0500 (Thu, 29 May 2008) | 3 lines

Correct an issue with ipsecd where we were not specifying a unique
acquire sequence number. This was preventing iked from properly handling
multiple acquires in a single session as searching for a phase2 handle
by this value would return false positives.

Improve the VPN Trace SA output tab by prettying up the transfered data
value. Previously we just listed the bytes. Now we summarize this data
as fractional kylobytes, megabytes or gigabytes.
------------------------------------------------------------------------
r1161 | mgrooms | 2008-05-29 05:29:50 -0500 (Thu, 29 May 2008) | 1 line

Correct a problem in the VPN Trace application where the security
policies and security associations were not being updated properly.
------------------------------------------------------------------------
r1160 | mgrooms | 2008-05-22 23:02:35 -0500 (Thu, 22 May 2008) | 3 lines

Modify the vnet kernel driver to include link state control. Vista
drivers do not yet support this feature. The iked windows client setup
now sets the link state on the adapter to connected after enabling the
adapter.

Correct some issues with name service registry entry settings. Write
registry entries as static configuration entries. This as they will take
precedence over any dynamic configuration entries obtained via DHCP.
------------------------------------------------------------------------
r1159 | mgrooms | 2008-05-20 17:51:17 -0500 (Tue, 20 May 2008) | 1 line

Set the default adapter MTU for new Site Configurations to 1380 bytes on
windows targets.
------------------------------------------------------------------------
r1158 | mgrooms | 2008-05-16 20:30:05 -0500 (Fri, 16 May 2008) | 1 line

Make sure we reset the buffer offset before reading a message header in
libdtp.
------------------------------------------------------------------------
r1157 | mgrooms | 2008-05-16 00:51:20 -0500 (Fri, 16 May 2008) | 1 line

When shutting down ipsecd, make sure we wakeup all pfkey client threads
so we don't experience a hang when acting as a service.
------------------------------------------------------------------------
r1156 | mgrooms | 2008-05-15 23:39:25 -0500 (Thu, 15 May 2008) | 3 lines

Now that IPC client classes can be reused, remove a workaround in ipsecc
that always destroyed and recreated the ikei object.

Modify ipsecd and ipsect to follow the recent changes to the libpfk
classes. These are now based on the generic IPC classes provided by
libith.
------------------------------------------------------------------------
r1155 | mgrooms | 2008-05-15 19:26:16 -0500 (Thu, 15 May 2008) | 1 line

Correct the log output for ipsecd and dtpd where we report threads
beginning instead of exiting.
------------------------------------------------------------------------
r1154 | mgrooms | 2008-05-14 10:17:35 -0500 (Wed, 14 May 2008) | 3 lines

Modify the devcfg, netcfg and drvcfg install helper applications to
improve reliability. The main program logic code has been moved into the
main process threads and the GUI logic into subordinate threads. Events
are used to ensure we do not exit until a subordinate thread has
gracefully terminated. Command line argument parsing has also been
improved. In particular, a few bugs in devcfg were causing device
removal to fail consistently. Window titles and styles were also
modified for aesthetic purposes.

Modify dtpd to check return values properly inside the IPC server
connection thread loop. This was causing the program to hang during
shutdown when running as a service.
------------------------------------------------------------------------
r1153 | mgrooms | 2008-05-14 09:56:29 -0500 (Wed, 14 May 2008) | 1 line

Update windows NSIS installer scripts to provide the correct parameters
for removing device instances when uninstalling the software.
------------------------------------------------------------------------
r1152 | mgrooms | 2008-05-13 04:54:41 -0500 (Tue, 13 May 2008) | 1 line

Update the documentation version number.
------------------------------------------------------------------------
r1151 | mgrooms | 2008-05-13 04:53:15 -0500 (Tue, 13 May 2008) | 1 line

Further improve the shutdown process for ipsecd and dptd. Protect the
runtime reference counts using the run lock and use wait conditions
instead of loops to check shutdown readiness.
------------------------------------------------------------------------
r1150 | mgrooms | 2008-05-13 00:12:58 -0500 (Tue, 13 May 2008) | 3 lines

Improve the shutdown procedure for iked, ipsecd and dtpd. Some issues
with the code were preventing it from stopping correctly when acting as
a service. This needs to be looked at closer once all the IPC work has
settled.

Correctly check the libike client attach return value in ipsecc.
------------------------------------------------------------------------
r1149 | mgrooms | 2008-05-12 07:20:57 -0500 (Mon, 12 May 2008) | 1 line

Fix a bug that caused the wrong authentication method to be displayed in
the detailed listview of the windows Access Manager. Reported by Tai-hwa
Liang.
------------------------------------------------------------------------
r1148 | mgrooms | 2008-05-11 19:47:39 -0500 (Sun, 11 May 2008) | 3 lines

Update dtpd and ipsecd to now wait on the event loop to exit. Since the
main process threads were previously responsible for accepting ipc
connections, these code paths have been moved to dedicated threads. This
was necessary as the ipc server threads were recently modified to enter
an efficient block state while waiting for clients to connect.

Add a new project file for the libith timer event test program.
------------------------------------------------------------------------
r1147 | mgrooms | 2008-05-09 22:22:31 -0500 (Fri, 09 May 2008) | 3 lines

Third round of commits to improve generic IPC class. The service
inbound() function now blocks indefinitely to avoid looped polling for
connections until one becomes available or a wakeup condition is
triggered. Some of the other member functions were also modified to
improve error handling. The dtpd and libdtp sources were updated to
follow these changes.

Improve iked error handling when communicating with dtpd. Before we were
not checking or reporting some error conditions.
------------------------------------------------------------------------
r1146 | mgrooms | 2008-05-09 01:09:07 -0500 (Fri, 09 May 2008) | 5 lines

Update dtpd, libdtp and ipsecc to follow the recent generic IPC changes.
Endpoints now block indefinitely to avoid looped reads until data
becomes available or a wakeup condition is triggered.

Correct the libip windows route code to gracefully handle error
conditions when attempting to resolve adapter information.

Correct an issue in libvnet where we were not initializing a structure
correctly before passing it to a system call.
------------------------------------------------------------------------
r1145 | mgrooms | 2008-04-30 07:39:40 -0500 (Wed, 30 Apr 2008) | 1 line

Update libdtp and consumers to use the new libith IPC class as a base
for dtp IPC communications. This improves latency and fixes a few
problems with the older IPC code.
------------------------------------------------------------------------
r1144 | mgrooms | 2008-03-08 01:12:41 -0600 (Sat, 08 Mar 2008) | 3 lines

Perform a minor cleanup of the DNS Transparent Proxy admin loop and the
interface library. These changes should be only cosmetic.

Handle the new name service configuration option to disable dynamic DNS
updates for a windows adapter. Enable this option on the private
adapter.
------------------------------------------------------------------------
r1143 | mgrooms | 2008-02-29 15:18:54 -0600 (Fri, 29 Feb 2008) | 1 line

Fix an issue where a system tray icon was not being removed properly
when a duplicate VPN Connect window is opened.
------------------------------------------------------------------------
r1142 | mgrooms | 2008-02-28 16:46:40 -0600 (Thu, 28 Feb 2008) | 1 line

Cosmetic cleanup for code in the windows VPN Access Manager.
------------------------------------------------------------------------
r1141 | mgrooms | 2008-02-28 13:16:21 -0600 (Thu, 28 Feb 2008) | 1 line

Fix a blatant regression that prevents the VPN Site Manager from
launching the VPN Connect application for a site. Reported by Mark
Jenks.
------------------------------------------------------------------------
r1140 | mgrooms | 2008-02-27 22:25:03 -0600 (Wed, 27 Feb 2008) | 1 line

Correct a difference between site configuration attributes on unix
platforms and windows platforms. The configuration version is bumped
after changing any existing client-dns-enable numeric attribute to a
client-dns-used attribute.
------------------------------------------------------------------------
r1139 | mgrooms | 2008-02-27 22:16:41 -0600 (Wed, 27 Feb 2008) | 1 line

Minor cosmetic changes to the windows VPN Connect configuration parsing
code.
------------------------------------------------------------------------
r1138 | mgrooms | 2008-02-27 03:38:24 -0600 (Wed, 27 Feb 2008) | 1 line

Fix sorting site configurations in the windows Access Manager list view.
------------------------------------------------------------------------
r1137 | mgrooms | 2008-02-27 01:52:35 -0600 (Wed, 27 Feb 2008) | 1 line

Add a new dialog to the windows Access manager utility that helps
resolve site configuration and imported file name conflicts.
------------------------------------------------------------------------
r1136 | mgrooms | 2008-02-26 01:13:47 -0600 (Tue, 26 Feb 2008) | 1 line

Add checks for illegal site configuration names in the windows VPN
Access manager.
------------------------------------------------------------------------
r1135 | mgrooms | 2008-02-24 15:54:17 -0600 (Sun, 24 Feb 2008) | 1 line

Update the VPN Trace program to properly colorize log lines with
timestamps.
------------------------------------------------------------------------
r1134 | mgrooms | 2008-02-24 02:00:31 -0600 (Sun, 24 Feb 2008) | 1 line

When storing the window state of the Access Manager before exit, use the
restored window placement values instead of the current placement
values. This caused problems when the application was minimized at exit
time.
------------------------------------------------------------------------
r1133 | mgrooms | 2008-02-23 22:25:53 -0600 (Sat, 23 Feb 2008) | 1 line

Add a user preferences dialog to the window Access Manager application.
This dialog allows several settings to be configured by a user. These
options include window view styles, automatically minimize after
connection success and remember last user name used. The settings are
saved along with useful state information such as the window size and
position which is restored when the the application is re-opened.
------------------------------------------------------------------------
r1132 | mgrooms | 2008-02-22 23:57:34 -0600 (Fri, 22 Feb 2008) | 1 line

Correct an issues where the CONFIG class file parser would choke when
reading an attribute with a zero length value.
------------------------------------------------------------------------
r1131 | mgrooms | 2008-02-20 20:23:55 -0600 (Wed, 20 Feb 2008) | 1 line

Small cosmetic code cleanup in the windows ipseca program.
------------------------------------------------------------------------
r1130 | mgrooms | 2008-02-20 01:12:59 -0600 (Wed, 20 Feb 2008) | 1 line

Modify the windows access manager application to include key/certificate
file data when exporting a site configuration. This makes it easier to
distribute complete site configurations as all the data required for the
connection is self contained. This feature will be added to the unix GUI
interface in a follow up commit.
------------------------------------------------------------------------
r1129 | mgrooms | 2008-02-19 16:54:29 -0600 (Tue, 19 Feb 2008) | 1 line

Update the windows ipsec application to interpret the mutual psk as a
binary value.
------------------------------------------------------------------------
r1128 | mgrooms | 2008-02-19 13:27:50 -0600 (Tue, 19 Feb 2008) | 1 line

Remove some now unused files missed in the last commit.
------------------------------------------------------------------------
r1127 | mgrooms | 2008-02-19 12:33:02 -0600 (Tue, 19 Feb 2008) | 5 lines

Modify the windows specific site configuration handling library ipsecp.
The goal is to make this library go away all together and unify the
configuration handling for both windows and unix platforms. To
accomplish this, most of the GUI related functionality has been migrated
from the library to the GUI applications. A few functions still remain
and will be migrated in a later commit.

Modify the windows CONFIG class used to store site configuration data.
We now base it on IDB and use the new base64 encode/decode to handle
binary attributes. The only attribute that has been migrated is the ike
preshared key attribute. Site configuration file format versions have
also been introduced with automatic update functionality. With this in
place, we can now provide backwards compatibility for previous versions
of a site configuration when the file format version changes for any
reason. This is currently used to update the ike preshared key
attribute.

Since these changes are windows specific, the unix specific code will
need to be updated in a follow up commit to bring the two code bases in
sync. Unifying the CONFIG code class should make a lot of these
synchronization efforts go away.
------------------------------------------------------------------------
r1126 | mgrooms | 2008-02-18 14:13:39 -0600 (Mon, 18 Feb 2008) | 1 line

Move the BDATA class out of libip and into libidb. Remove the old LIST
class from libip and replace all instances with IDB_LIST. This involved
a huge amount of mechanical changes.
------------------------------------------------------------------------
r1125 | mgrooms | 2008-02-15 02:44:01 -0600 (Fri, 15 Feb 2008) | 1 line

Fix a problem in ipsecd where the SPD add policy sequence number was not
being handled correctly.
------------------------------------------------------------------------
r1124 | mgrooms | 2008-02-14 16:16:35 -0600 (Thu, 14 Feb 2008) | 1 line

Add support for nailed peers by adding a check box in the policy tab of
the site configuration manager named "Maintain persistent security
associations". The unix client interface still needs to be updated.
------------------------------------------------------------------------
r1123 | mgrooms | 2008-02-14 14:49:16 -0600 (Thu, 14 Feb 2008) | 1 line

Update a windows specific file to follow a function rename in iked.
------------------------------------------------------------------------
r1122 | mgrooms | 2008-02-13 15:07:55 -0600 (Wed, 13 Feb 2008) | 1 line

Add a few retry attempts to the dtpd local route lookup code to allow
very slow machines a chance to work with vista. This has been observed
while running in a virtual machine.
------------------------------------------------------------------------
r1121 | mgrooms | 2008-02-13 14:05:38 -0600 (Wed, 13 Feb 2008) | 5 lines

Modify the windows name service configuration in iked to work with
public adapters that use DHCP instead of static configuration. Both the
registry entry names and the method used to delimit address lists are
different.

Correct an issue with dptd where an uninitialized value could cause a
name server list to not be read correctly.

Update the NSIS build scripts to include the new libidb file.
------------------------------------------------------------------------
r1120 | mgrooms | 2008-02-12 02:30:02 -0600 (Tue, 12 Feb 2008) | 1 line

At some point I copied the NDIS6 vnet driver source code into the NDIS5
directory by mistake and committed them. Revert the files to the most
recent NDIS5 revision.
------------------------------------------------------------------------
r1119 | mgrooms | 2008-02-12 02:25:30 -0600 (Tue, 12 Feb 2008) | 1 line

Update some windows specific code in iked to honor the IDB changes.
------------------------------------------------------------------------
r1118 | mgrooms | 2008-02-10 23:10:26 -0600 (Sun, 10 Feb 2008) | 1 line

Update some windows specific code in iked to honor the IDB changes.
------------------------------------------------------------------------
r1117 | mgrooms | 2008-02-08 14:12:32 -0600 (Fri, 08 Feb 2008) | 1 line

Correct a problem in iked where the virtual adapter was being disabled
twice.
------------------------------------------------------------------------
r1116 | mgrooms | 2008-02-08 02:15:28 -0600 (Fri, 08 Feb 2008) | 1 line

Correct a bug in the libip route code that was preventing routes from
being deleted.
------------------------------------------------------------------------
r1115 | mgrooms | 2008-02-08 00:32:15 -0600 (Fri, 08 Feb 2008) | 1 line

Add support for emulating IP, TCP and UDP hardware checksum offload to
the NDIS6 filter driver. TCP segment offload is not currently emulated.
------------------------------------------------------------------------
r1114 | mgrooms | 2008-02-06 21:54:53 -0600 (Wed, 06 Feb 2008) | 1 line

Back port a bug fix from the NDIS6 filter driver to the NDIS5 driver
that prevents duplicate transmissions of IP packet fragments in some
instances.
------------------------------------------------------------------------
r1113 | mgrooms | 2008-02-06 21:11:04 -0600 (Wed, 06 Feb 2008) | 1 line

More work on the NDIS6 Lightweight Filter driver. Fragmented IP packet
handling is now implemented.
------------------------------------------------------------------------
r1112 | mgrooms | 2008-02-06 14:08:34 -0600 (Wed, 06 Feb 2008) | 1 line

Correct a minor bug in the Access Manager where the login banner would
not be disabled and a typo in the Client Connect application usage
output. Both issues were reported by David Santinoli.
------------------------------------------------------------------------
r1111 | mgrooms | 2008-02-04 16:33:35 -0600 (Mon, 04 Feb 2008) | 10
lines

Modify the device install routine to use the, until recently,
undocumented function pInstallSelectedDriver instead of
SetupDiCallClassInstaller. For some reason unknown to me, using the
documented function throws an error on Vista and prevents us from using
the pre-installed driver on 2K/XP. In other words, this change is an
improvement on all platforms.

Correct an serious bug in the DNS Transparent Proxy Daemon that could
cause it to crash when evaluating DNS packets. This was a bit difficult
to track down as it only happened in the release version and not the
debug builds.

Add some new code to iked that can restart the MS DNS cache service at
connect time but leave this disabled for now. I may enable this in
future builds if no other alternative is found for the problem it
corrects.

Add better debug handling to the ARP code in ipsecd.

Modify iked and libip to push some windows specific iproute workarounds
into the windows specific code. Also, introduce some Vista specific code
to avoid problems with MS API incompatibilities on that platform.

------------------------------------------------------------------------
r1110 | mgrooms | 2008-02-04 16:15:34 -0600 (Mon, 04 Feb 2008) | 1 line

More work on the NDIS6 Lightweight Filter driver. Packet filtering is
now fully implemented. The only remaining feature is fragment handling.
------------------------------------------------------------------------
r1109 | mgrooms | 2008-02-04 16:14:21 -0600 (Mon, 04 Feb 2008) | 1 line

More work on the NDIS6 Virtual Network driver. This revision corrects
many issues and builds a usable driver.
------------------------------------------------------------------------
r1108 | mgrooms | 2008-02-04 13:55:48 -0600 (Mon, 04 Feb 2008) | 1 line

Correct a bug in the amd64 version of our NSIS Windows installer script.
------------------------------------------------------------------------
r1107 | mgrooms | 2008-01-30 02:15:04 -0600 (Wed, 30 Jan 2008) | 1 line

Correct some issues with the device configuration utility error message
dialogs. A message box title was not being specified.
------------------------------------------------------------------------
r1106 | mgrooms | 2008-01-30 02:13:53 -0600 (Wed, 30 Jan 2008) | 1 line

Correct a problem in the IPsec Trace application that was preventing me
from seeing DNS Proxy log output in a debug environment.
------------------------------------------------------------------------
r1105 | mgrooms | 2008-01-30 02:12:50 -0600 (Wed, 30 Jan 2008) | 1 line

Modify a DNS Proxy log output line to make it less confusing.
------------------------------------------------------------------------
r1104 | mgrooms | 2008-01-30 02:11:27 -0600 (Wed, 30 Jan 2008) | 1 line

Correct a problem in libvflt where ARP requests were not being serviced
properly on Vista. While here, improve some log output for error cases.
------------------------------------------------------------------------
r1103 | mgrooms | 2008-01-30 02:09:50 -0600 (Wed, 30 Jan 2008) | 1 line

Add initial code revision of the NDIS6 Virtual Network driver.
------------------------------------------------------------------------
r1102 | mgrooms | 2008-01-30 02:08:09 -0600 (Wed, 30 Jan 2008) | 1 line

Update the NSIS installation scripts to better support Vista.
------------------------------------------------------------------------
r1101 | mgrooms | 2008-01-25 03:30:27 -0600 (Fri, 25 Jan 2008) | 1 line

More work on the NDIS6 Lightweight Filter driver. Packet mirroring and
diversion rules now copy data to the user device interface.
------------------------------------------------------------------------
r1100 | mgrooms | 2008-01-23 03:50:11 -0600 (Wed, 23 Jan 2008) | 1 line

More work on the NDIS6 Lightweight Filter driver. Packet evaluation
against the rule set is now working. Fragment handling, packet filtering
and diversion are the three remaining hurdles.
------------------------------------------------------------------------
r1099 | mgrooms | 2008-01-23 02:27:55 -0600 (Wed, 23 Jan 2008) | 1 line

More work on the NDIS6 Lightweight Filter driver. The user device
interface is now fully implemented. Packet send operations that
originate from the filter are now working properly. Packet filtering and
redirection is still a work in progress.
------------------------------------------------------------------------
r1098 | mgrooms | 2008-01-18 16:31:20 -0600 (Fri, 18 Jan 2008) | 1 line

Add a source directory and files for the NDIS6 Lightweight Filter
driver. Add a directory for the NDIS6 Virtual Network driver.
------------------------------------------------------------------------
r1097 | mgrooms | 2007-12-31 15:27:08 -0600 (Mon, 31 Dec 2007) | 1 line

Prepare the build environment and installer scripts for future vista
driver support.
------------------------------------------------------------------------
r1096 | mgrooms | 2007-12-27 19:31:06 -0600 (Thu, 27 Dec 2007) | 1 line

Rewrite a large portion of the DNS transparent proxy daemon and update
the windows configuration interface to take better advantage of the new
features. The new system supports DNS server groups and default rules
which simplify the configuration logic. The new system also allows for a
virtual adapter to be fully configured with DNS servers and a default
domain suffix.
------------------------------------------------------------------------
r1095 | mgrooms | 2007-12-27 14:15:17 -0600 (Thu, 27 Dec 2007) | 1 line

Introduce function calls that contain the DNS transparent proxy related
code. Move this into the windows specific files to cleanup the open
source code base.
------------------------------------------------------------------------
r1094 | mgrooms | 2007-12-21 20:48:19 -0600 (Fri, 21 Dec 2007) | 1 line

Add support for configuring the virtual adapter MTU on windows. A follow
up commit will add this support on unix platforms.
------------------------------------------------------------------------
r1093 | mgrooms | 2007-12-21 02:20:00 -0600 (Fri, 21 Dec 2007) | 1 line

Add the ability to use WINS and DNS settings in direct adapter mode.
Move the windows adapter configuration code from libvnet into iked.
Modularize the code to allow for reading and writing the address info
separate from the name services information. Modify the windows VPN
Access manager and Client Connect programs to support the new direct
adapter configuration parameters.
------------------------------------------------------------------------
r1092 | mgrooms | 2007-12-15 13:06:33 -0600 (Sat, 15 Dec 2007) | 1 line

Modify the NDIS IM driver to copy the entire packet contents just past
the ethernet header using a zero offset. Some miniport drivers
apparently have buggy handlers for NdisTransferData that can't deal with
partial copies properly. Also, modify the packet pool used when handling
a driverio send to the protocol layer. Using the same pool for handling
driverio sends to both the protocol and miniport layer was causing a
driver fault on Windows 2K platforms.
------------------------------------------------------------------------
r1091 | mgrooms | 2007-12-14 03:34:59 -0600 (Fri, 14 Dec 2007) | 1 line

Modify ipsecd and iked to support nat-t 00 and 01 drafts. This required
changes to the protocol handlers and filter rule management.
------------------------------------------------------------------------
r1090 | mgrooms | 2007-12-10 16:45:45 -0600 (Mon, 10 Dec 2007) | 1 line

Update libvnet to support configuring multiple DNS and WINS servers for
a single adapter interface. Update the Client Connect program to handle
the new configuration structures. The Access Manager and Client Connect
programs still need to be updated as they currently only support
manually configuring single server addresses.
------------------------------------------------------------------------
r1089 | mgrooms | 2007-12-09 18:16:45 -0600 (Sun, 09 Dec 2007) | 1 line

Restore the ability to manage sites or exit the windows access manager
using the system tray icon.
------------------------------------------------------------------------
r1088 | mgrooms | 2007-12-09 18:05:40 -0600 (Sun, 09 Dec 2007) | 1 line

Improve the functionality of the windows access manager system tray
icon. When right clicked, allow the user to expand a connect sub-menu
that lists all available site configurations. If a site configuration is
selected, it will launch a connect instance for the given site. If a
site instance is already running, it will be automatically brought to
the foreground.
------------------------------------------------------------------------
r1087 | mgrooms | 2007-12-09 15:29:39 -0600 (Sun, 09 Dec 2007) | 3 lines

Update visual studio project to reflect a renamed file.


------------------------------------------------------------------------
r1086 | mgrooms | 2007-12-09 15:12:32 -0600 (Sun, 09 Dec 2007) | 1 line

Update visual studio project to reflect the moved files.
------------------------------------------------------------------------
r1085 | mgrooms | 2007-12-09 15:11:55 -0600 (Sun, 09 Dec 2007) | 1 line

Move windows specific files into the private build system. This just
untangles unnecessary code from the open source release.
------------------------------------------------------------------------
r1084 | mgrooms | 2007-12-09 14:13:32 -0600 (Sun, 09 Dec 2007) | 3 lines

Modify NDIS driver files to match the version numbers to the next
release version.

Correct a problem with ipsecd where the queued packet was not being
transmitted immediately after an IPsec SA was established. This was a
side effect of introducing multi packet queues which were not being
being transmitted in this instance.
------------------------------------------------------------------------
r1083 | mgrooms | 2007-12-09 00:01:26 -0600 (Sun, 09 Dec 2007) | 1 line

Add support to libvflt for assigning the virtual adapter address and
netmask using an undocumented windows function call. This new method
needs to be tested and is not currently used.
------------------------------------------------------------------------
r1082 | mgrooms | 2007-12-06 17:09:13 -0600 (Thu, 06 Dec 2007) | 1 line

Rewrite the NDIS IM driver adapter bind and unbind handlers. The major
flaw with our previous implementation was that it did not gracefully
handle the case where an upper layer IM miniport instance could not be
created. This frequently occurs when the Deterministic Networks IM
driver is installed as our driver is requested to bind to an adapter
that we are already bound to. Now when we see this error condition, we
fail gracefully by unbinding from the lower layer miniport and returning
a failure immediately from the adapter open call.
------------------------------------------------------------------------
r1081 | mgrooms | 2007-11-27 21:51:40 -0600 (Tue, 27 Nov 2007) | 1 line

Fix a bug in the windows about dialog boxes that cause a problem if the
install path cannot be located.
------------------------------------------------------------------------
r1080 | mgrooms | 2007-11-27 16:13:23 -0600 (Tue, 27 Nov 2007) | 1 line

Modify the windows VPN access manager and VPN application to support
forcing NATT to either the draft or rfc mode.
------------------------------------------------------------------------
r1079 | mgrooms | 2007-11-27 15:25:10 -0600 (Tue, 27 Nov 2007) | 3 lines

Disable the null identity type in the windows VPN accesss manager. It
was introduced for checkpoint hybrid compatibility but turned out to be
unnecessary. Instead, allow null identity values to be used for all but
a manually defined address. A follow up commit will be required to bring
the unix VPN access manager in line with windows.

Modify libvflt to read the IP header when appropriate and trim the
packet if extra bytes happen to have been appended to the frame.
------------------------------------------------------------------------
r1078 | mgrooms | 2007-11-15 13:30:25 -0600 (Thu, 15 Nov 2007) | 1 line

Correct an issues in the Window VPN Access Manager where the application
would throw an error if the virtual adapter address was blank even in
direct adapter mode.
------------------------------------------------------------------------
r1077 | mgrooms | 2007-11-14 00:53:00 -0600 (Wed, 14 Nov 2007) | 1 line

Add support to the Windows VPN Access Manager for a none identifier type
which is only valid when hybrid mode is selected.
------------------------------------------------------------------------
r1076 | mgrooms | 2007-11-11 22:13:07 -0600 (Sun, 11 Nov 2007) | 1 line

Complete initial optimization of the ipsecd send path. Use multiple
packet buffers and improved logic to avoid unnecessary copy operations
when possible. Recycle the packet buffers between packet writes. The
ESP, IPIP and UDP-ENCAP protocols have now been updated for both paths.
The AH and IPCOMP protocols will still require some additional
modifications.
------------------------------------------------------------------------