[Swan-commit] Changes to ref refs/heads/addresspool
Paul Wouters
paul at vault.libreswan.fi
Tue Apr 9 04:37:49 EEST 2013
New commits:
commit c5b3ff7350f3ccc22aa892669650e421fc2b066e
Merge: 613b6d7 d31fbfc
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Apr 8 21:37:22 2013 -0400
Merge branch 'master' into addresspool
Conflicts:
include/whack.h
lib/libipsecconf/confread.c
lib/libswan/ttorange.c
programs/pluto/addresspool.c
programs/pluto/addresspool.h
programs/pluto/xauth.c
commit d31fbfc9dcf376df7ae5fb5fa7c7129faa0cd1ff
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Apr 7 18:48:10 2013 -0400
* added another (unknown) nortel vendorid in a vendor.c comment.
commit 955ba75cd49f87bb48f0a156ce2d052c3de96ed4
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Apr 5 22:37:26 2013 -0400
* _stackmanager: when unloading NETKEY, unload ip_vti before xfrm*tunnel
commit bbe1d2e134188e2442df8dde54d0c1209c0b42f5
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Apr 4 13:26:22 2013 -0400
* updated changes
commit 68c98e67ef3c4e6aaaaabc5b1d07d368c8ec121c
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Apr 4 13:24:27 2013 -0400
* pluto: Obsoleted force_keepalive= and --force_keepalive
It violates RFC 3947/3948 where an explicit DOS is mentioned. It was
not enabled per default. It would not actually accomplish keeping the
NAT mapping open in the opposite direction.
commit 4556b56267fe0ddd67cc94e54ed6837afb9394ae
Merge: e08e793 9678a75
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Apr 4 00:55:26 2013 -0400
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit e08e793a4267a258829f47ca790fe87721b25cf1
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Apr 4 00:44:08 2013 -0400
* pluto: added per-conn nat_keepalive= (whack --no-nat_keepalive)
Add an option nat_keepalive= to allow disabling keep alives by
specifying nat_keepalive=no. The default (yes) causes the same
behaviour as we have currently without the option.
This option takes precedence over the global force_keepalive= option
Note: I don't fully understand the purpose of the global option, it
would send NAT-T KA packets when "they are NATed" where as normally
we only send NAT-T KA packets when "we are NATed". Is there an actual
use case for this?
To ensure we don't change the current behaviour, the whack option
does the negative, eg --no-nat-keepalives, so that not specifying it
gives the proper default behaviour of doing regular NAT-KA packets.
NOTE: We currently always send these packets, even when there is
traffic flowing over the IPsec SA (and thus over port 4500 so the
NAT router would keep the port mapping open anyway)
commit f3b76f40f668f4222dd0ae3d010de9675525597a
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Apr 4 00:42:56 2013 -0400
* oeconns: fix format string which was missing a %s.
commit 86a76b8e79b01fe1fd2c082a281d57cda9290df0
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Apr 3 23:28:47 2013 -0400
* starterwhack: fix format string in starter_log() to use %d for int
commit 03e41b968673c3aa5ec6f4a030d4461d95e6d65a
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Apr 3 23:19:02 2013 -0400
* pluto: Log out own vendorid as "received" instead of "ignored"
commit 9678a75e575542c4edb75e1fed34ee0231c98c1e
Merge: 0250657 2a88180
Author: Antony Antony <antony at phenome.org>
Date: Wed Apr 3 21:53:31 2013 +0000
Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan
commit 0250657938a220fe15cb12a3e96b31a17ab1ed2f
Author: Antony Antony <antony at phenome.org>
Date: Wed Apr 3 21:52:43 2013 +0000
* testing : fixed sed line Restart=no
commit 37637bbf2f637a5822ecb89ac99734eb337a41ee
Author: Antony Antony <antony at phenome.org>
Date: Wed Apr 3 21:51:29 2013 +0000
*testing : swan-prep creates OUTPUT/<hostname>.pluto.log with right
permissions
commit 06f645fe136a98b03d67406e34968827694ad444
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Apr 3 16:53:29 2013 -0400
* pluto: clarify Commit Flag log message
commit 2a8818092e4da79c549fd8fe7c44b95998ad3c8f
Merge: b8d8d59 2690046
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Apr 3 16:37:23 2013 -0400
Merge branch 'fweimer'
commit b8d8d59b572bcf80646cbea46a18644e2e5b7e06
Merge: 2a9e59c 241da18
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Apr 3 16:33:27 2013 -0400
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit 2a9e59c481591c3720b73521c45048523fec8205
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Apr 3 16:24:17 2013 -0400
* IKEv1: fragmentation check for null state was too late.
We would have already tried to dereference it
commit 269004618ec392706e4f198644c5b59d79d28fed
Author: Florian Weimer <fweimer at redhat.com>
Date: Wed Apr 3 18:32:43 2013 +0200
Add missing format string attribute to starter_log
And add format strings to call sites which lack them.
commit 2595da46930233c405d86b35bde3caa40043643a
Author: Florian Weimer <fweimer at redhat.com>
Date: Wed Apr 3 11:38:32 2013 +0200
Replace GNU-style designated initializers with C99-style ones
commit 241da18e477598ad14ffc776137f64b105874191
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Apr 3 13:27:06 2013 -0400
* pluto: constants.c: jam_str: fix typo in comment
commit af00a6d746c8dcfe24c0d6ef007d5581fafa9650
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Apr 3 12:42:48 2013 -0400
* pluto: sadetails of 256 is actually also not enough, raised to 512
commit bd04fc15c44775aec1f501b0e1c4a94a2d48644c
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Apr 3 12:36:56 2013 -0400
* pluto: increased sadetails string from 128 to 256 so XAUTHuser isn't cut off
The size of sadetails is for the message that is printed when the IPsec SA comes
up, and is passed via fmt_ipsec_sa_established(). Since we now log the XAUTH user
name, this 128 character limit was causing the line to be cut of at 128, leaving
out the partial XAUTH user name (especially when NAT was used and the NATOA/NATD
info was also printed)
It now looks like:
Apr 3 16:36:12: "iphone-general"[6] 76.10.157.78 #6: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x0d0f1c0c <0x8600e9d1 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=none XAUTHuser=B6188A01A77A6825B535A5A20D5E44E013BFF326}
commit f8b0a4497ba2aa1931f2962d45d0cd14dc27075d
Author: Antony Antony <antony at phenome.org>
Date: Wed Apr 3 11:05:15 2013 +0000
*testing : skip the umlplutotest don't run final.sh twice on initiator
commit e18d621a95ac1827cf97862d26b44712a5e89a0b
Merge: bb75c17 6218791
Author: Antony Antony <antony at phenome.org>
Date: Wed Apr 3 10:49:23 2013 +0000
Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan
commit bb75c1788751aa69143a85dc38f315d61a752092
Author: Antony Antony <antony at phenome.org>
Date: Wed Apr 3 10:46:14 2013 +0000
* testing : hack to get make check run for pluto tests. disbled kvm
checks. change the TESTLIST command to kvmplutotest
commit 621879100f7acabd1ac4b5038d5f941e29de329f
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Mar 30 16:48:44 2013 -0400
* Added our GPG key as LIBRESWAN-GPG-KEY.txt
commit 10f43a7b7542c88dcf3b68ffca4da9445534a3b1
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Mar 30 16:47:28 2013 -0400
* updated changes
commit 9f1ab06d52870e4d6d92914dd96e6ee6c2918266
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Mar 30 16:43:57 2013 -0400
* pluto: don't log 0 bytes traffic stats for phase1 SA's
We tried to determine the amount of traffic on ISAKMP SA's as well as
IPsec SA's. We no longer log bogus 0byte traffic for ISAKMP SA's.
commit 18d929eb88e5984cd1635cabec0c918845d9ef82
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Mar 30 16:29:12 2013 -0400
* XAUTH: cleanup XAUTHuser in ipsec auto --status/--down
Don't list it with connections and down events that don't have an XAUTHuser
commit 3ee789af4728f22219273c33eba3b81f67490fd5
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Mar 28 17:07:15 2013 -0400
* building: make depend cleanup - two old nss/nspr entries were left
commit 0cbdd95da9808a851787e28a08621d510772a45b
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 26 11:36:25 2013 -0400
* building: make depend results should not include any nss/nspr includes
commit e180ac8af232c3df815c294d775fca29bf1df226
Merge: 9172d28 2287094
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 26 11:15:30 2013 -0400
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit 9172d281447ef915094c91961add9ef8b25fa7a7
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 26 11:03:04 2013 -0400
* initscripts: IPsec stack was not cleaned up for upstart, non-modular
ipsec setup stop on upstart did an "exec stop ipsec" preventing the
module cleanup code to be called, leaving old kernel policy around
If the stack was compiled inline, cleanup was not performed either.
commit 228709416591f3120793b06003da00d19984de95
Author: Tuomo Soini <tis at foobar.fi>
Date: Tue Mar 26 11:49:27 2013 +0200
add changelog entry for defaultroute finder improvement
commit fe2af772c58227b0dbab09dba0bdefddcc20c14e
Author: Kim B. Heino <b at bbbs.net>
Date: Tue Mar 26 11:33:49 2013 +0200
addconn: improve defaultroute finder
If both nexthop and source are undefined find out values in two pass:
1) find out nexthop for destination
2) find out source for nexthop
Doing both in one pass returns source for destination.
commit b52a9e44222d0d3568bd28854c550b200a1494bf
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Mar 25 16:34:24 2013 -0400
* building: remove nss3/utilmodt.h from Makefile.depend.linux
We won't detect if it is changed, but it should not change anyway.
This file is not present in nss-3.13 (RHEL5)
commit b6af19187467107dc577bda86e5c2e2f3ec2173c
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Mar 25 16:17:41 2013 -0400
* building: remove check for labeled security file - it breaks make depend
commit a96f9d47e1d2385f85385d0469a7d097d5c26351
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Mar 25 12:37:47 2013 -0400
* building: Add -pie to default linker flags, ensure relro is not overwritten
commit fc26df66145f47775aa9e169a7cffbd83d260a34
Author: Tuomo Soini <tis at foobar.fi>
Date: Mon Mar 25 09:56:57 2013 +0200
update changes for variable tweaks
commit 340329cdf966f8467eced54327189eb52cbfd736
Author: Tuomo Soini <tis at foobar.fi>
Date: Mon Mar 25 09:53:52 2013 +0200
Revert "netkey: remove logged warning which is not true after commit 9ed4d3e9"
This reverts commit 6470bb3737da49370d511afd1d3f63bbbbab4f18.
We need this warning because commit 9ed4d3e9 was reverted.
commit 2e6a5396a38baf83d727e4c8d8be50b4a377d4b8
Author: Tuomo Soini <tis at foobar.fi>
Date: Mon Mar 25 09:40:25 2013 +0200
libswan: fix conffile to use correct define
commit 7ecac68f816f02ef857575abe219ea590ae3b61b
Author: Tuomo Soini <tis at foobar.fi>
Date: Mon Mar 25 09:26:34 2013 +0200
build: don't use buildsystem variables in code
commit 8bd19428ecd9a5f7a0633da2b37d7359269105cf
Author: Antony Antony <antony at phenome.org>
Date: Sun Mar 24 23:29:44 2013 -0400
* building: fix "make depend" in programs/pluto
Makefile was using $(GCC) instead of $(CC)
Signed-off-by: Paul Wouters <pwouters at redhat.com>
commit 67049b41ab4a8be3dca7a10d0be59da097d86710
Merge: 15f7131 5efb4a4
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Mar 24 21:08:36 2013 -0400
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit 15f7131fb6dacb7197e446277ddaa8da53f8769a
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Mar 24 21:06:52 2013 -0400
* _stackmanager: flush netkey unconditionally upon restart
It seemed sometimes we did end up with some leftovers from the
previous run, causing module unload failure and lingering unknown
internal state. To prevent that, we unconditionally flush state and policy now
commit c05eb90259d89fd3108a3bf53808e03adb380611
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Mar 24 21:05:09 2013 -0400
* pluto: clear out old logfile on restart
Don't append. Old behaviour was to start a new file and is preferred.
commit 5efb4a4a9134ea08134d0a0a2855de9345b62449
Author: Tuomo Soini <tis at foobar.fi>
Date: Sun Mar 24 21:43:58 2013 +0200
update changes for VERIFY confdir location
commit e21ff23e439484e2b2a98b33fbbc87d2b82b8c81
Author: Tuomo Soini <tis at foobar.fi>
Date: Sun Mar 24 21:41:25 2013 +0200
verify: fix wrong confdir location
commit f40a2237e5cad7149d0f3188b816ac4c965ab4a0
Author: Tuomo Soini <tis at foobar.fi>
Date: Sun Mar 24 21:15:27 2013 +0200
initsystem: fixed default sysv init status function
commit 89e3b517348b46ffd4f65407123a2b9512d66949
Author: Tuomo Soini <tis at foobar.fi>
Date: Sun Mar 24 20:19:04 2013 +0200
update changes for ipsec --help fix
commit 168554fec90325e2089c7f1115a0629547ec573a
Author: Tuomo Soini <tis at foobar.fi>
Date: Sun Mar 24 20:16:11 2013 +0200
ipsec: fix syntax error in --help
commit c736bc94dd289bc29da6a78f6c2a27d39cdbd1a0
Author: Antony Antony <antony at phenome.org>
Date: Fri Mar 22 20:17:07 2013 +0000
*testing : rename test output file, fixed and pluto log files
east.console.verbose.txt fixed file east.console.txt
pluto logs are east.pluto.log
commit 644a65f213b99a98601fed2771f13eb74905961e
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Mar 21 22:59:18 2013 -0400
* packaging: rhel5 has no %{_isa} macro and no nss-softokn
commit f5192fc258f1d3e2f36c2531a0867afd658cfbbe
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Mar 21 22:21:32 2013 -0400
* packaging: Split RHEL spec files into rhel5/rhel6 versions
Also added OCF support as an option.
commit 94d08ca0e05b53bce6bb4c663dcb7bf518d05975
Author: Pavel Kopchyk <pkopchyk at gmail.com>
Date: Thu Mar 21 14:54:01 2013 -0400
* KLIPS: SAref patches for 3.0.55+ kernels
This takes into account changes made by upstream in:
http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/net/ipv4/ip_sockglue.c?h=linux-3.0.y&id=26aeb8bdda7619453e0958e8c38a84c7add3643b
Signed-off-by: Paul Wouters <pwouters at redhat.com>
commit 6987e4d1c0ee62d879778eb3da68e252b371bfcb
Merge: 983259f a4e6195
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Mar 20 22:22:03 2013 -0400
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit 983259fffc586bc00512ea12852ebbd789eceb86
Author: Pavel Kopchyk <pkopchyk at gmail.com>
Date: Wed Mar 20 22:10:19 2013 -0400
* SAref patches for RHEL/CentOS 2.6.32-358.2.1
Signed-off-by: Paul Wouters <pwouters at redhat.com>
commit a4e6195811c6685c1c440ff965890a2d3c9f56e3
Author: Tuomo Soini <tis at foobar.fi>
Date: Tue Mar 19 16:41:51 2013 +0200
Revert "* Pass traffic selectors to the kernel in Transport Mode"
This reverts commit 9ed4d3e9ca2f57872167149c633f7ee2a3b01549.
This patch was quite badly wrong and caused natted transport mode
to break up completely.
commit fac4e47f1d27ed89aaba92b45037c090c21d269c
Author: Tuomo Soini <tis at foobar.fi>
Date: Tue Mar 19 10:42:33 2013 +0200
ipsec: use environment variable in script
commit 25db3fa3ea6d2ccd5e8f1baa4095c7f82fa87045
Merge: 7e8af6e c81069f
Author: Tuomo Soini <tis at foobar.fi>
Date: Tue Mar 19 10:29:49 2013 +0200
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
Conflicts:
Makefile.inc
commit 7e8af6e16897daa681c6fe6e96cfbe750857e59a
Author: Tuomo Soini <tis at foobar.fi>
Date: Tue Mar 19 10:26:09 2013 +0200
ipsec: cleanup coding style
commit 6ffca8740086509964d2c2ce6024438df33d663a
Author: Tuomo Soini <tis at foobar.fi>
Date: Tue Mar 19 10:14:22 2013 +0200
update changes for bug #76 fix
commit fb89162dccb46e1f2158957fe821f99cc506deba
Author: Tuomo Soini <tis at foobar.fi>
Date: Tue Mar 19 10:12:06 2013 +0200
initnss: fix bug #76: ipsec initnss fails with a @FINALCONFDDIR@ replace and
no default configdir
commit c81069f40a2f99d0e3d51f91521b3e85cf1074cc
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Mar 18 23:34:40 2013 -0400
* fix preprocessing filename comment for /etc/ipsec.conf
commit b7b38a766f465d9df365f955eacd3fc311158224
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 19 03:23:48 2013 +0000
* testing: Give north a new raw rsa key
commit f8c3714cc4ea778259d31daa9cfb51f37660eadb
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 19 03:21:01 2013 +0000
* testing: fixup basic-pluto-03 test results
This test required a new north raw rsa key as the NSS db files never got
commited.
consoles taken from OUTPUT/*fixed* except for two manual changes that
still need fixing:
- mark tcpdump output as still needing a filter
- pretend we correctly identify all Libreswan vendorid's
(instead of logging a "ignored vendorid [....])
commit 16c3e70d7987c58f5d435c85aea9c9e27514eb66
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Mar 18 22:50:09 2013 -0400
* newhostkey: set default NSS dir for call to newrsakey
via @FINALCONFDDIR@ which becomes /etc/ipsec.d per default
commit 99ca899eccb7b4c361bf34cdab4520fdd79e0ab5
Merge: be0448c 93e0992
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Mar 18 22:35:54 2013 -0400
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit be0448c05b7d72e04c85ee2fdc8ad6b08fd5282f
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Mar 18 22:35:17 2013 -0400
* building: @FINALCONFDDIR@ was not properly expanded in the ipsec cmd
commit 93e0992e829fd8e3736000c6628e4d2c8f39d67d
Author: Libreswan Build <build at libreswan.org>
Date: Tue Mar 19 01:51:21 2013 +0000
* testing: basic-pluto-02 fixup as it likely was meant to be.
Since part of the "known good output" was missing, west specifically,
I have to take a guess at what this was supposed to do. I believe it
is meant to reject the connection on east because the eastnet-westnet
conn is explicitely not loaded, and the OE conn would not match such
subnets.
commit 25f4be69f7449a082961082c55cb1b145d249dd1
Author: Libreswan Build <build at libreswan.org>
Date: Tue Mar 19 01:11:18 2013 +0000
* testing: cleanup east/west conf for basic-pluto-01
commit 1fb4e818765e157e9bcfa2ffe3650cf49b9a0eba
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Mar 18 21:01:26 2013 -0400
* testing: update basic-pluto-01 known good output
Now includes a line with "Total IPsec connections", as well as
receiveing the FRAGMENTATION vendorid
commit e4d035a61be2cc13d115a6d7efd50017c71461ee
Merge: 17e355d 244b79b
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Mar 18 20:51:12 2013 -0400
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit 17e355d9ed6d495b8df7091149e762a2bd4b48c4
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Mar 18 20:49:23 2013 -0400
* _updown.klips: Fix parse error introduced with b5cc4343f567
commit 244b79bcd86baed9d65ce051f87329e762fe84df
Author: Tuomo Soini <tis at foobar.fi>
Date: Mon Mar 18 09:59:15 2013 +0200
CHANGES: #75: Libreswan inserts wrong xfrm policies on some configurations [Tuomo]
commit a55f9d8ad1b1541f639d954bb461d6781ebf340d
Author: Tuomo Soini <tis at foobar.fi>
Date: Mon Mar 18 09:56:14 2013 +0200
netkey: clarify comment on bug #75 fix
commit d37adcebbca781a2ad40769ea077619faa2f2cb9
Author: Tuomo Soini <tis at foobar.fi>
Date: Mon Mar 18 09:50:42 2013 +0200
Revert "Revert "Revert "Revert "Always use XFRM_MSG_UPDPOLICY instead of XFRM_MSG_NEWPOLICY. This avoids""""
This reverts commit 39b7891e50fae053e8acebdc1f55af6408f8fdad.
Fixes bug #75
Without this code we fail to insert another policy with same subnets.
commit 40948526dff2482351e36bfe2889718df6a9c279
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Mar 15 17:16:53 2013 -0400
* update CHANGES for next release
commit 32e465ee578c97cee0ff582ae9ebe96b43a62f1e
Merge: 6470bb3 5eccf88
Author: Tuomo Soini <tis at foobar.fi>
Date: Thu Mar 14 22:16:18 2013 +0200
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit 6470bb3737da49370d511afd1d3f63bbbbab4f18
Author: Tuomo Soini <tis at foobar.fi>
Date: Thu Mar 14 22:16:02 2013 +0200
netkey: remove logged warning which is not true after commit 9ed4d3e9
commit 5eccf8876c4ca95cee94661415fe0f3dcfa6ded6
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Mar 14 13:24:02 2013 -0400
* libipsecconf: fix parsing nexthop= setting
When sourceip was specified, we could accidentally overwrite nexthop
setting.
Bug was introduced with HAVE_DNSSEC in libreswan 3.0
commit cdd265136cd77d7dc558bbafafeae57f491ccea0
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Mar 14 13:19:10 2013 -0400
* update changes
commit be65143a730807479e9dcc57112c8d8a6fd0a906
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Mar 14 12:59:03 2013 -0400
* libipsecconf: Remove unused cmp.[ch]
commit c6fce31a7725e1e7e923bc539343afb9f7b872f6
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Mar 14 12:48:31 2013 -0400
* readwriteconf: update usage(), initialise rootdir2
commit 497aa2501f1ad6f04bd7208bd170cb3c32c73fa6
Merge: 2284147 cfdc7df
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Mar 14 00:46:19 2013 -0400
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit 228414770f2e2309eb3cbcc2f2f7280bb1f1e6f9
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Mar 14 00:45:41 2013 -0400
* packaging: fixup libreswan-kmod.spec to work on rhel5 as well
commit cfdc7dfec523508a90546431d11023082230a14a
Merge: cfb763e a2b28b8
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Mar 13 17:37:42 2013 -0400
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit cfb763e00952e643abc104971dd08ed0ec07ef67
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Mar 13 17:36:08 2013 -0400
* clarify error "defaulting leftsubnet to 1.2.3.4"
This really means the user specified leftsourceip=a.b.c.d where left=
is not a.b.c.d and no leftsubnet= containing a.b.c.d was specified.
We then construct leftsubnet=a.b.c.d/32
commit a2b28b81f1e8500f2993a3132d903d2fe2476249
Author: Tuomo Soini <tis at foobar.fi>
Date: Wed Mar 13 23:16:05 2013 +0200
initsystem: sysvinit whitespace cleanup
commit b5cc4343f567abb0aa963b2f0e74c8cbbbc60ec8
Author: Tuomo Soini <tis at foobar.fi>
Date: Wed Mar 13 22:31:30 2013 +0200
_updown.*: script cleanup
commit 688511ce24c743804432fafd15aaddd1ff368c9b
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Mar 13 15:47:46 2013 -0400
* make default case the last switch entry
commit da225cdc0e7b71d51b1138484b63436f28db7e54
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Mar 13 13:16:20 2013 -0400
* man page entry for leftaddresspool=
commit 0a9e0ae3402d7c158e6100d674d8840b3f9e0af2
Author: T.J. Yang <tjyang2001 at gmail.com>
Date: Wed Mar 13 14:20:02 2013 +0200
packaging: fix crl fetching support in rhel rpm spec
commit b22c95888b71050ff4e7c13da185dcea70c5c179
Author: Tuomo Soini <tis at foobar.fi>
Date: Wed Mar 13 10:35:43 2013 +0200
update CHANGELOG for bug #71
commit bccae61ee685b7232d90bb6ea1a790bac33f7434
Author: Tuomo Soini <tis at foobar.fi>
Date: Wed Mar 13 10:27:59 2013 +0200
Revert "* Block rules created by openswan remain even after tunnel establishment"
This reverts commit 8c4cc708ff398a2addd2923d9e461078b1a714f7.
Fixes bug #71.
commit dfb32e4b87e1056e3132eea078b753925411f16f
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 12 18:50:37 2013 -0400
* Remove an unused variable buftest
commit 5b825cfc5325ab2a04643b873d96af8dd97f65d8
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 12 18:49:26 2013 -0400
* packaging: remove klips from fedora spec file
commit 8c745b3f22259190c806404b9ea5c599d79b17c0
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 12 18:47:39 2013 -0400
* packaging: remove KLIPS parts from libreswan.spec
This is all located in the kmod-libreswan.spec file
commit 6b275e62b1ba4d84f832d7fb12b3ab8c5eca0690
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 12 18:43:34 2013 -0400
* X509: Don't compile authcert locking when not compiling with LIBCURL
commit 1271c4a5eaca5fd6285937fe99d0992de89db40c
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 12 18:33:07 2013 -0400
* libipsecconf: prevent leftaddresspool= + leftsubnet= in 1 connection
commit f3c47d25fa18efa863114d440b314b5b03f075ad
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 12 15:26:25 2013 -0400
* update changes
commit 59287b227316ab4f655d0ba59abc0d186fca07ad
Merge: 7806bec a7758cd
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 12 15:21:33 2013 -0400
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit a7758cdf297b3335abcf5fff2a8b18b1671b795b
Author: Kim B. Heino <b at bbbs.net>
Date: Tue Mar 12 20:59:35 2013 +0200
addconn: find peer address if default gateway is ppp without via
commit 88af3c398e1f22c77873f8eab1b485182b0415a6
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Mar 12 14:29:57 2013 -0400
* updated CHANGES
commit ce3e91696c6a751ae90a2578d7d9c055e5aaa576
Author: Antony Antony <antony at phenome.org>
Date: Tue Mar 12 17:19:19 2013 +0200
* addresspool : fix warnings. internal functions are type static
commit 7806becb61b74a832806c8ab6368395ca512a120
Merge: f617aee 4b677f6
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Mar 11 22:34:07 2013 -0400
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit f617aee5b170ef1d0e60c124b815cc2c6040c298
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Mar 11 22:32:22 2013 -0400
* packaging: Added libreswan-kmod.spec and kmodtool-libreswan-el6.sh
kmodtool-libreswan-el6.sh should be copied into the SOURCES/ directory
and then libreswan-kmod.spec can be used to make a kmod kernel package
for KLIPS.
commit 4b677f60ba8925a2c32433ea41d9bd5a30ca936c
Author: Antony Antony <antony at phenome.org>
Date: Tue Mar 12 01:08:13 2013 +0200
*config remove obsolete/unused modecfg_wins*
commit 649e5c0d5e412a1dfa0f179f215ffb112b43a20f
Author: Antony Antony <antony at phenome.org>
Date: Tue Mar 12 00:40:16 2013 +0200
*addresspool : added to Makefile.options
commit 581b42695b1ec14563caf304cc8b8385247665c5
Author: Antony Antony <antony at phenome.org>
Date: Tue Mar 12 00:19:58 2013 +0200
*addresspool : left|rightaddresspol support and testcases
commit f0530a007b8b7a17db4c100b035c099081dce311
Merge: 21045bd 6e9f6f9
Author: Tuomo Soini <tis at foobar.fi>
Date: Mon Mar 11 19:52:54 2013 +0200
Merge branch 'fragmentation'
commit 6e9f6f959b63db72a429449fa844320437d9feaa
Merge: 54ad009 21045bd
Author: Tuomo Soini <tis at foobar.fi>
Date: Mon Mar 11 19:36:10 2013 +0200
Merge branch 'master' into fragmentation
commit 21045bd0d125fa9385798e5ded7d656f85786291
Author: Tuomo Soini <tis at foobar.fi>
Date: Mon Mar 11 14:54:24 2013 +0200
update CHANGELOG for _plutorun changes and sysvinit tuning
commit 08887f953a6da062a5ae47df92132db77e8c295c
Author: Tuomo Soini <tis at foobar.fi>
Date: Mon Mar 11 14:49:53 2013 +0200
sysvinit: change initscripts to use new _plutorun interface which passes all pluto options
commit 37be2781d9ab457384338403f3c38d2ebdf915fa
Author: Tuomo Soini <tis at foobar.fi>
Date: Mon Mar 11 14:45:25 2013 +0200
_plutorun: change plutorun to pass all command line options to pluto
simplify script to actually work
commit 54ad009025f27f364df94691a16a8bc453464f5d
Author: Tuomo Soini <tis at foobar.fi>
Date: Mon Mar 11 07:53:17 2013 +0200
ipsec.conf: Fix some typos in ike_frag= documentation
More information about the Swan-commit
mailing list