Because the support library creates its own layout manually and uses
different IDs than the list_content layout we can't use the method we
used previously (and which is actually recommended in the docs).
For instance, onAttach() with an Activitiy as first argument was deprecated
with API level 23. However, the overload with a Context as first argument
does obviously not get called on older API levels. Luckily, the classes
provided by the support library handle that for us.
This adds a workaround for an issue on older platforms where the list is
not properly styled with colorAccent. Similarly applies to borderless buttons.
The term "gateway" is unfamiliar for most new users (or they confuse it
with the default gateway of their network) but they usually know that
they want to connect to a "server".
This mainly changes the color of the appbar (colorPrimary), the color
of the status bar (colorPrimaryDark) is black like the default.
The accent color (colorAccent) used for controls like buttons and check
boxes is a slightly toned down version of the default.
There is no AppCompatProgressDialog class as the use of ProgressDialog
is discouraged (instead progress bars should be placed in the layout directly).
To display the current ProgressDialog instances correctly on systems < 21 we
modify the window background color.
We'll have to change some stuff that Google deprecated (e.g. the tabs in
the ActionBar) and that requires changing the theme at least in activities.
Since that would look a bit inconsistent we'll change it globally and
use parts of the support library.
This allows using manual priorities for traps, which have a lower
base priority than the resulting IPsec policies. This could otherwise
be problematic if, for example, swanctl --install/uninstall is used while
an SA is established combined with e.g. IPComp, where the trap policy does
not look the same as the IPsec policy (which is now otherwise often the case
as the reqids stay the same).
It also orders policies by selector size if manual priorities are configured
and narrowing occurs.
This could interfere with cleanup handlers that try to acquire
mutexes while other threads holding these try to e.g. cancel the threads.
As cleanup handlers are only queued by the threads themselves we don't need
any synchronization to access the list.
Fixes#1401.
The kernel policy now considers src and dst port masks as well as
restictions to a given network interface. The base priority is
100'000 for passthrough shunts, 200'000 for IPsec policies,
300'000 for IPsec policy traps and 400'000 for fallback drop shunts.
The values 1..30'000 can be used for manually set priorities.
