[Swan-commit] Changes to ref refs/tags/v3.2

Paul Wouters paul at vault.libreswan.fi
Sat Apr 13 23:12:42 EEST 2013


Created a new ref, with the following commits:
commit 26396e441aa5b8909682ea6d38d8cbb5e69c612f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Apr 13 16:11:21 2013 -0400

    * add release date

commit b0de3eb18542ef988225b933240e739f1e1d134e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Apr 13 16:09:41 2013 -0400

    * testing: fixup compress-pluto-netkey-03 and compress-pluto-01

commit 219bd86b4b260f75b419da535960f728ea9e5837
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Apr 12 19:59:25 2013 +0300

    CHANGES: update for lswbz#85

commit 80dfdb8ce980372d606adc1590f5ea0ec54ddf44
Merge: 16d1604 7b1cd93
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Apr 12 19:56:02 2013 +0300

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit 16d160428ad1a8f97f601140f0c3ee17513d6960
Merge: a23cd52 21a6e0c
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Apr 12 19:54:42 2013 +0300

    Merge branch 'lswbz85'

commit 21a6e0c79732a3ea16dfbeeda4edff9ccc1dad1d
Author: Kim Heino <b at bbbs.net>
Date:   Fri Apr 12 19:36:57 2013 +0300

    This is fix for libreswan bug #85.
    
    We only add traffic selectors for transport mode. The problem is that
    Tunnel mode ipsec with ipcomp is layered so that ipcomp tunnel is
    protected with transport mode ipsec but in this case we shouldn't any
    more add traffic selectors or we break the tunnel.
    Function setup_half_ipsec_sa was modified to inform netlink_setup_sa with
    add_selector boolean about need to add selectors. This prevents breaking
    ipcomp in tunnel mode. Direction of sa is now passed to netlink_setup_sa
    so client can be substituted with host ip so that selector works for natted
    transport mode.
    
    Signed-off-by: Tuomo Soini <tis at foobar.fi>

commit 7b1cd93056a67c499f4b20d28565733af33f3550
Merge: a2c8632 a23cd52
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Apr 12 12:23:25 2013 -0400

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit d38911304a0129c67130de68ced87e28d79a4171
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Apr 12 19:02:51 2013 +0300

    NETKEY: remove irrelevant logging - this is not needed when traffic selectors
    support has been restored.
    
    Revert "Revert "netkey: remove logged warning which is not true after commit 9ed4d3e9""
    
    This reverts commit 340329cdf966f8467eced54327189eb52cbfd736.

commit f3fbf2a9a196da8db16dd73cbd04c4313cba776d
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Apr 12 18:58:20 2013 +0300

    NETKEY: restore traffic selectors for fixing them to work with transport
    mode nat-traversal.
    
    Revert "Revert "* Pass traffic selectors to the kernel in Transport Mode""
    
    This reverts commit a4e6195811c6685c1c440ff965890a2d3c9f56e3.

commit 375fe9d54d4aa27279046c099691a0a93155b876
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Apr 12 18:55:01 2013 +0300

    NETKEY: remove work-around for NATD port leaking to traffic selectors

commit a2c86320ea2cf2c39501adaa59dfe4dbb9a5ef58
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Apr 12 10:28:24 2013 -0400

    * Temporarily disable option to enable opportunistic encryption
    
    This will be re-implemented with an external helper that is more aware
    of the forward DNS query and IP address answer, so it will not require
    the reverse DNS.

commit a23cd52fd7c1fc9f1297a57107b74f78d860d1d4
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Apr 12 15:31:41 2013 +0300

    remove CHANGES entry which is not relevant yet

commit 9605d7628de60f975154d6359f59d21233c9b992
Merge: 2291b98 7eb3db6
Author: Antony Antony <antony at phenome.org>
Date:   Thu Apr 11 22:40:38 2013 +0000

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit 2291b989359d68922dcd8027e080af6220fb0784
Author: Antony Antony <antony at phenome.org>
Date:   Thu Apr 11 22:40:11 2013 +0000

    * testing : cleanup commit results with initial_contact:no;

commit 8d324608d97250d00ca8f9369cbde2d898d90c82
Author: Antony Antony <antony at phenome.org>
Date:   Thu Apr 11 22:07:10 2013 +0000

    * testing : remove 'cat /tmp/pluto.log' from final.sh

commit 7eb3db6cdd9fffaaf5d1ba5a98675046de726031
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Apr 11 18:03:40 2013 -0400

    * showhostkey: --ipseckey option mistakenly printed "0s" prefix
    
    also moved an nss configdir diagnostic into --verbose like the rest

commit c5b3aa10d9720634aeb784985d40af38bfd8e008
Author: Antony Antony <antony at phenome.org>
Date:   Thu Apr 11 21:33:54 2013 +0000

    * testing : ikev2-05-basic-psk results
                ikev2-04-basic-x509 results

commit 85942b9e5e9917df75eb276ac3654c83e5449e18
Author: Antony Antony <antony at phenome.org>
Date:   Thu Apr 11 18:31:44 2013 +0000

    * testing : swan-build rm OBJ.linux.x86_64 no *

commit 2e15e2f9f2a9c3c42b5f3980278ef3a914496b54
Author: Antony Antony <antony at phenome.org>
Date:   Thu Apr 11 18:18:47 2013 +0000

    * .gitignore  added Makefile.inc.local and removed UMLPOOL

commit 9760a966d24bd149ef170a779933b0452106e5c5
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Apr 11 11:06:36 2013 -0400

    * packaging: updated ipsec.conf.d with the commented *.conf include

commit a46d2d7405401f0f140f2275b2ca5c93bf53f384
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Apr 10 22:14:50 2013 -0400

    * packaging: use full relro (-z,relro,-z,now) for fedora spec

commit 670a5175a7daf4bccee8daf88833077112752f1f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Apr 10 17:14:20 2013 -0400

    * packaging: we need the INITSYSTEM= override in make install as well

commit 38d3347c24880060995359d39f3f06ed8a3ccef2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Apr 10 16:29:50 2013 -0400

    * packaging: updates to libreswan.spec for fedora 18
    
    - Enable _hardened_build
    - Added -Wformat-nonliteral -Wformat-security to USERCOMPILE
    - Added -Wl,-z,relro  to USERLINK
    - Support macros for 'prever' to get proper versions for dr/rc releases
    - Removed obsolete defkv/kversion/krelver/srcpkgver variables
    - Add Obsoletes/Requires/Conflicts for openswan
    - Force init system detection with INITSYSTEM=systemd

commit be90ed4683612df489afec74fb54404327bcaa58
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Apr 10 13:16:50 2013 -0400

    * packaging: changed remaining $RPM_BUILD_ROOT to %{buildroot}

commit d2474fcd5d9a7ffad5c8a774d4bf0873bb775422
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Apr 10 13:10:41 2013 -0400

    * permissions: open up /var/run/pluto, close down /etc/ipsec.d
    
    The rundir (default /var/run/pluto) is changed from 700 to 755, to
    allow non-root processes to read pluto.pid (eg monitor scripts)
    
    The ipsecddir (default /etc/ipsec.d) and its subdirectories is changed
    from 755 to 700. This was already the case for some distributions
    (Fedora, RHEL). This provides a little more privacy about which IPsec
    tunnels are configured, which certificates are known, etc.

commit 4bbdd9fa73bd3c22958d794f71beddac270b6dd9
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Apr 9 23:45:56 2013 -0400

    * added comment for unknown juniper vendorid.

commit 98751d85f47131a5bd599e6d67bea113b6f6330d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Apr 9 13:44:32 2013 -0400

    * initial_contact man page entry

commit 12a24be0b1639e1d6a60022d999852603208aab2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Apr 9 13:38:18 2013 -0400

    * updated changes

commit d74f33f22a7e6d6bf6b4ff32367b81ffbab56b40
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Apr 9 13:35:55 2013 -0400

    * IKEv1: Support initial_contact=yes|no (default no) in Main Mode [Paul]
    
    This only affects sending the payload. As responder, we still ignore this
    payload and base our decision for replacing the IPsec SA on the uniqueids=
    setting. That code does not cause downtime like the initial_contact behaviour
    (on Cisco) does.

commit 3e6543a6bd5db6bf3c11ad72a0fccdec5e8cf542
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Apr 9 13:05:37 2013 -0400

    * fix whack usage for --addresspool with mandatory range argument

commit d6a2b4b80a340a3dda6d9b5ea520dbb4285f5b53
Merge: b5fe675 78c4e52
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Apr 9 12:58:40 2013 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit b5fe675402b64532a535083ca05c1a9785840348
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Apr 9 12:58:23 2013 -0400

    * more updates to CHANGES

commit 78c4e524aa68db4b4c9126aea264dd21b3d9baf1
Author: Antony Antony <antony at phenome.org>
Date:   Tue Apr 9 16:45:25 2013 +0000

    * addresspool : code cleanup. removed unused bits

commit a1d7edfae641371025ebd1c5a5a127356a0aa2d0
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Apr 9 12:32:10 2013 -0400

    * updated changes

commit b7e19e8dad109fb14c6826438ee8c3acfea2f07e
Merge: afd74c1 49793ba
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Apr 9 12:31:04 2013 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit afd74c1b4c430248b491a9296cc715b03c14d8dc
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Apr 9 12:30:45 2013 -0400

    * updated changes

commit 9c3130dbe56a12349fb672afcb934ed3fcc7b3f4
Author: Antony Antony <antony at phenome.org>
Date:   Tue Apr 9 12:28:15 2013 -0400

    * addresspool: Use same_id() to identify reconnecting client and re-use lease
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit 49793baeb4659d6013346b67737627bcda584e68
Author: Antony Antony <antony at phenome.org>
Date:   Tue Apr 9 09:57:27 2013 +0000

    * testing : ikev2-05-basic-psk seems to need nhelpers=4 too. maybe 2 is
     enough

commit a9d558f144f106a3b1f5069d4eab37e636c59f09
Author: Antony Antony <antony at phenome.org>
Date:   Tue Apr 9 09:51:40 2013 +0000

    * ikev2 nss : fix bug 78. may need nhelpers=4 or so too

commit d31fbfc9dcf376df7ae5fb5fa7c7129faa0cd1ff
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Apr 7 18:48:10 2013 -0400

    * added another (unknown) nortel vendorid in a vendor.c comment.

commit 955ba75cd49f87bb48f0a156ce2d052c3de96ed4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Apr 5 22:37:26 2013 -0400

    * _stackmanager: when unloading NETKEY, unload ip_vti before xfrm*tunnel

commit bbe1d2e134188e2442df8dde54d0c1209c0b42f5
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Apr 4 13:26:22 2013 -0400

    * updated changes

commit 68c98e67ef3c4e6aaaaabc5b1d07d368c8ec121c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Apr 4 13:24:27 2013 -0400

    * pluto: Obsoleted force_keepalive= and --force_keepalive
    
    It violates RFC 3947/3948 where an explicit DOS is mentioned. It was
    not enabled per default. It would not actually accomplish keeping the
    NAT mapping open in the opposite direction.

commit 4556b56267fe0ddd67cc94e54ed6837afb9394ae
Merge: e08e793 9678a75
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Apr 4 00:55:26 2013 -0400

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit e08e793a4267a258829f47ca790fe87721b25cf1
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Apr 4 00:44:08 2013 -0400

    * pluto: added per-conn nat_keepalive=  (whack --no-nat_keepalive)
    
    Add an option nat_keepalive= to allow disabling keep alives by
    specifying nat_keepalive=no. The default (yes) causes the same
    behaviour as we have currently without the option.
    
    This option takes precedence over the global force_keepalive= option
    
    Note: I don't fully understand the purpose of the global option, it
    would send NAT-T KA packets when "they are NATed" whereas normally
    we only send NAT-T KA packets when "we are NATed". Is there an actual
    use case for this?
    
    To ensure we don't change the current behaviour, the whack option
    does the negative, eg --no-nat-keepalives, so that not specifying it
    gives the proper default behaviour of doing regular NAT-KA packets.
    
    NOTE: We currently always send these packets, even when there is
    traffic flowing over the IPsec SA (and thus over port 4500 so the
    NAT router would keep the port mapping open anyway)

commit f3b76f40f668f4222dd0ae3d010de9675525597a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Apr 4 00:42:56 2013 -0400

    * oeconns: fix format string which was missing a %s.

commit 86a76b8e79b01fe1fd2c082a281d57cda9290df0
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Apr 3 23:28:47 2013 -0400

    * starterwhack: fix format string in starter_log() to use %d for int

commit 03e41b968673c3aa5ec6f4a030d4461d95e6d65a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Apr 3 23:19:02 2013 -0400

    * pluto: Log out own vendorid as "received" instead of "ignored"

commit 9678a75e575542c4edb75e1fed34ee0231c98c1e
Merge: 0250657 2a88180
Author: Antony Antony <antony at phenome.org>
Date:   Wed Apr 3 21:53:31 2013 +0000

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit 0250657938a220fe15cb12a3e96b31a17ab1ed2f
Author: Antony Antony <antony at phenome.org>
Date:   Wed Apr 3 21:52:43 2013 +0000

    * testing :  fixed sed line Restart=no

commit 37637bbf2f637a5822ecb89ac99734eb337a41ee
Author: Antony Antony <antony at phenome.org>
Date:   Wed Apr 3 21:51:29 2013 +0000

    *testing : swan-prep creates OUTPUT/<hostname>.pluto.log with right
    permissions

commit 06f645fe136a98b03d67406e34968827694ad444
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Apr 3 16:53:29 2013 -0400

    * pluto: clarify Commit Flag log message

commit 2a8818092e4da79c549fd8fe7c44b95998ad3c8f
Merge: b8d8d59 2690046
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Apr 3 16:37:23 2013 -0400

    Merge branch 'fweimer'

commit b8d8d59b572bcf80646cbea46a18644e2e5b7e06
Merge: 2a9e59c 241da18
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Apr 3 16:33:27 2013 -0400

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit 2a9e59c481591c3720b73521c45048523fec8205
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Apr 3 16:24:17 2013 -0400

    * IKEv1: fragmentation check for null state was too late.
    
    We would have already tried to dereference it

commit 269004618ec392706e4f198644c5b59d79d28fed
Author: Florian Weimer <fweimer at redhat.com>
Date:   Wed Apr 3 18:32:43 2013 +0200

    Add missing format string attribute to starter_log
    
    And add format strings to call sites which lack them.

commit 2595da46930233c405d86b35bde3caa40043643a
Author: Florian Weimer <fweimer at redhat.com>
Date:   Wed Apr 3 11:38:32 2013 +0200

    Replace GNU-style designated initializers with C99-style ones

commit 241da18e477598ad14ffc776137f64b105874191
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Wed Apr 3 13:27:06 2013 -0400

    * pluto: constants.c: jam_str: fix typo in comment

commit af00a6d746c8dcfe24c0d6ef007d5581fafa9650
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Apr 3 12:42:48 2013 -0400

    * pluto: sadetails of 256 is actually also not enough, raised to 512

commit bd04fc15c44775aec1f501b0e1c4a94a2d48644c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Apr 3 12:36:56 2013 -0400

    * pluto: increased sadetails string from 128 to 256 so XAUTHuser isn't cut off
    
    The size of sadetails is for the message that is printed when the IPsec SA comes
    up, and is passed via fmt_ipsec_sa_established(). Since we now log the XAUTH user
    name, this 128 character limit was causing the line to be cut off at 128, leaving
    out the partial XAUTH user name (especially when NAT was used and the NATOA/NATD
    info was also printed)
    
    It now looks like:
    
    Apr  3 16:36:12: "iphone-general"[6] 76.10.157.78 #6: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x0d0f1c0c <0x8600e9d1 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=none XAUTHuser=B6188A01A77A6825B535A5A20D5E44E013BFF326}

commit f8b0a4497ba2aa1931f2962d45d0cd14dc27075d
Author: Antony Antony <antony at phenome.org>
Date:   Wed Apr 3 11:05:15 2013 +0000

    *testing : skip the umlplutotest  don't run final.sh twice on initiator

commit e18d621a95ac1827cf97862d26b44712a5e89a0b
Merge: bb75c17 6218791
Author: Antony Antony <antony at phenome.org>
Date:   Wed Apr 3 10:49:23 2013 +0000

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit bb75c1788751aa69143a85dc38f315d61a752092
Author: Antony Antony <antony at phenome.org>
Date:   Wed Apr 3 10:46:14 2013 +0000

    * testing : hack to get make check run for pluto tests. disabled kvm
      checks. change the TESTLIST command to kvmplutotest

commit 621879100f7acabd1ac4b5038d5f941e29de329f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Mar 30 16:48:44 2013 -0400

    * Added our GPG key as LIBRESWAN-GPG-KEY.txt

commit 10f43a7b7542c88dcf3b68ffca4da9445534a3b1
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Mar 30 16:47:28 2013 -0400

    * updated changes

commit 9f1ab06d52870e4d6d92914dd96e6ee6c2918266
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Mar 30 16:43:57 2013 -0400

    * pluto: don't log 0 bytes traffic stats for phase1 SA's
    
    We tried to determine the amount of traffic on ISAKMP SA's as well as
    IPsec SA's. We no longer log bogus 0byte traffic for ISAKMP SA's.

commit 18d929eb88e5984cd1635cabec0c918845d9ef82
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Mar 30 16:29:12 2013 -0400

    * XAUTH: cleanup XAUTHuser in ipsec auto --status/--down
    
    Don't list it with connections and down events that don't have an XAUTHuser

commit 3ee789af4728f22219273c33eba3b81f67490fd5
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Mar 28 17:07:15 2013 -0400

    * building: make depend cleanup - two old nss/nspr entries were left

commit 0cbdd95da9808a851787e28a08621d510772a45b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 26 11:36:25 2013 -0400

    * building: make depend results should not include any nss/nspr includes

commit e180ac8af232c3df815c294d775fca29bf1df226
Merge: 9172d28 2287094
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 26 11:15:30 2013 -0400

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit 9172d281447ef915094c91961add9ef8b25fa7a7
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 26 11:03:04 2013 -0400

    * initscripts: IPsec stack was not cleaned up for upstart, non-modular
    
    ipsec setup stop on upstart did an "exec stop ipsec" preventing the
    module cleanup code to be called, leaving old kernel policy around
    
    If the stack was compiled inline, cleanup was not performed either.

commit 228709416591f3120793b06003da00d19984de95
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Mar 26 11:49:27 2013 +0200

    add changelog entry for defaultroute finder improvement

commit fe2af772c58227b0dbab09dba0bdefddcc20c14e
Author: Kim B. Heino <b at bbbs.net>
Date:   Tue Mar 26 11:33:49 2013 +0200

    addconn: improve defaultroute finder
    
    If both nexthop and source are undefined find out values in two pass:
    
    1) find out nexthop for destination
    2) find out source for nexthop
    
    Doing both in one pass returns source for destination.

commit b52a9e44222d0d3568bd28854c550b200a1494bf
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 25 16:34:24 2013 -0400

    * building: remove nss3/utilmodt.h from Makefile.depend.linux
    
    We won't detect if it is changed, but it should not change anyway.
    This file is not present in nss-3.13 (RHEL5)

commit b6af19187467107dc577bda86e5c2e2f3ec2173c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 25 16:17:41 2013 -0400

    * building: remove check for labeled security file - it breaks make depend

commit a96f9d47e1d2385f85385d0469a7d097d5c26351
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 25 12:37:47 2013 -0400

    * building: Add -pie to default linker flags, ensure relro is not overwritten

commit fc26df66145f47775aa9e169a7cffbd83d260a34
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Mar 25 09:56:57 2013 +0200

    update changes for variable tweaks

commit 340329cdf966f8467eced54327189eb52cbfd736
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Mar 25 09:53:52 2013 +0200

    Revert "netkey: remove logged warning which is not true after commit 9ed4d3e9"
    
    This reverts commit 6470bb3737da49370d511afd1d3f63bbbbab4f18.
    
    We need this warning because commit 9ed4d3e9 was reverted.

commit 2e6a5396a38baf83d727e4c8d8be50b4a377d4b8
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Mar 25 09:40:25 2013 +0200

    libswan: fix conffile to use correct define

commit 7ecac68f816f02ef857575abe219ea590ae3b61b
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Mar 25 09:26:34 2013 +0200

    build: don't use buildsystem variables in code

commit 8bd19428ecd9a5f7a0633da2b37d7359269105cf
Author: Antony Antony <antony at phenome.org>
Date:   Sun Mar 24 23:29:44 2013 -0400

    * building: fix "make depend" in programs/pluto
    
    Makefile was using $(GCC) instead of $(CC)
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit 67049b41ab4a8be3dca7a10d0be59da097d86710
Merge: 15f7131 5efb4a4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Mar 24 21:08:36 2013 -0400

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit 15f7131fb6dacb7197e446277ddaa8da53f8769a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Mar 24 21:06:52 2013 -0400

    * _stackmanager: flush netkey unconditionally upon restart
    
    It seemed sometimes we did end up with some leftovers from the
    previous run, causing module unload failure and lingering unknown
    internal state. To prevent that, we unconditionally flush state and policy now

commit c05eb90259d89fd3108a3bf53808e03adb380611
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Mar 24 21:05:09 2013 -0400

    * pluto: clear out old logfile on restart
    
    Don't append. Old behaviour was to start a new file and is preferred.

commit 5efb4a4a9134ea08134d0a0a2855de9345b62449
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun Mar 24 21:43:58 2013 +0200

    update changes for VERIFY confdir location

commit e21ff23e439484e2b2a98b33fbbc87d2b82b8c81
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun Mar 24 21:41:25 2013 +0200

    verify: fix wrong confdir location

commit f40a2237e5cad7149d0f3188b816ac4c965ab4a0
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun Mar 24 21:15:27 2013 +0200

    initsystem: fixed default sysv init status function

commit 89e3b517348b46ffd4f65407123a2b9512d66949
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun Mar 24 20:19:04 2013 +0200

    update changes for ipsec --help fix

commit 168554fec90325e2089c7f1115a0629547ec573a
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun Mar 24 20:16:11 2013 +0200

    ipsec: fix syntax error in --help

commit c736bc94dd289bc29da6a78f6c2a27d39cdbd1a0
Author: Antony Antony <antony at phenome.org>
Date:   Fri Mar 22 20:17:07 2013 +0000

    *testing : rename test output file, fixed and pluto log files
    	east.console.verbose.txt fixed file east.console.txt
    	pluto logs are east.pluto.log

commit 644a65f213b99a98601fed2771f13eb74905961e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Mar 21 22:59:18 2013 -0400

    * packaging: rhel5 has no %{_isa} macro and no nss-softokn

commit f5192fc258f1d3e2f36c2531a0867afd658cfbbe
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Mar 21 22:21:32 2013 -0400

    * packaging: Split RHEL spec files into rhel5/rhel6 versions
    
    Also added OCF support as an option.

commit 94d08ca0e05b53bce6bb4c663dcb7bf518d05975
Author: Pavel Kopchyk <pkopchyk at gmail.com>
Date:   Thu Mar 21 14:54:01 2013 -0400

    * KLIPS: SAref patches for 3.0.55+ kernels
    
    This takes into account changes made by upstream in:
    
    http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/net/ipv4/ip_sockglue.c?h=linux-3.0.y&id=26aeb8bdda7619453e0958e8c38a84c7add3643b
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit 6987e4d1c0ee62d879778eb3da68e252b371bfcb
Merge: 983259f a4e6195
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Mar 20 22:22:03 2013 -0400

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit 983259fffc586bc00512ea12852ebbd789eceb86
Author: Pavel Kopchyk <pkopchyk at gmail.com>
Date:   Wed Mar 20 22:10:19 2013 -0400

    * SAref patches for RHEL/CentOS 2.6.32-358.2.1
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit a4e6195811c6685c1c440ff965890a2d3c9f56e3
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Mar 19 16:41:51 2013 +0200

    Revert "* Pass traffic selectors to the kernel in Transport Mode"
    
    This reverts commit 9ed4d3e9ca2f57872167149c633f7ee2a3b01549.
    
    This patch was quite badly wrong and caused natted transport mode
    to break up completely.

commit fac4e47f1d27ed89aaba92b45037c090c21d269c
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Mar 19 10:42:33 2013 +0200

    ipsec: use environment variable in script

commit 25db3fa3ea6d2ccd5e8f1baa4095c7f82fa87045
Merge: 7e8af6e c81069f
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Mar 19 10:29:49 2013 +0200

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
    
    Conflicts:
    	Makefile.inc

commit 7e8af6e16897daa681c6fe6e96cfbe750857e59a
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Mar 19 10:26:09 2013 +0200

    ipsec: cleanup coding style

commit 6ffca8740086509964d2c2ce6024438df33d663a
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Mar 19 10:14:22 2013 +0200

    update changes for bug #76 fix

commit fb89162dccb46e1f2158957fe821f99cc506deba
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Mar 19 10:12:06 2013 +0200

    initnss: fix bug #76: ipsec initnss fails with a @FINALCONFDDIR@ replace and
    no default configdir

commit c81069f40a2f99d0e3d51f91521b3e85cf1074cc
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 18 23:34:40 2013 -0400

    * fix preprocessing filename comment for /etc/ipsec.conf

commit b7b38a766f465d9df365f955eacd3fc311158224
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 19 03:23:48 2013 +0000

    * testing: Give north a new raw rsa key

commit f8c3714cc4ea778259d31daa9cfb51f37660eadb
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 19 03:21:01 2013 +0000

    * testing: fixup basic-pluto-03 test results
    
    This test required a new north raw rsa key as the NSS db files never got
    committed.
    
    consoles taken from OUTPUT/*fixed* except for two manual changes that
    still need fixing:
    
    - mark tcpdump output as still needing a filter
    - pretend we correctly identify all Libreswan vendorid's
      (instead of logging an "ignored vendorid [....]")

commit 16c3e70d7987c58f5d435c85aea9c9e27514eb66
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 18 22:50:09 2013 -0400

    * newhostkey: set default NSS dir for call to newrsakey
    
    via @FINALCONFDDIR@ which becomes /etc/ipsec.d per default

commit 99ca899eccb7b4c361bf34cdab4520fdd79e0ab5
Merge: be0448c 93e0992
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 18 22:35:54 2013 -0400

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit be0448c05b7d72e04c85ee2fdc8ad6b08fd5282f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 18 22:35:17 2013 -0400

    * building: @FINALCONFDDIR@ was not properly expanded in the ipsec cmd

commit 93e0992e829fd8e3736000c6628e4d2c8f39d67d
Author: Libreswan Build <build at libreswan.org>
Date:   Tue Mar 19 01:51:21 2013 +0000

    * testing: basic-pluto-02 fixup as it likely was meant to be.
    
    Since part of the "known good output" was missing, west specifically,
    I have to take a guess at what this was supposed to do. I believe it
    is meant to reject the connection on east because the eastnet-westnet
    conn is explicitly not loaded, and the OE conn would not match such
    subnets.

commit 25f4be69f7449a082961082c55cb1b145d249dd1
Author: Libreswan Build <build at libreswan.org>
Date:   Tue Mar 19 01:11:18 2013 +0000

    * testing: cleanup east/west conf for basic-pluto-01

commit 1fb4e818765e157e9bcfa2ffe3650cf49b9a0eba
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 18 21:01:26 2013 -0400

    * testing: update basic-pluto-01 known good output
    
    Now includes a line with "Total IPsec connections", as well as
    receiving the FRAGMENTATION vendorid

commit e4d035a61be2cc13d115a6d7efd50017c71461ee
Merge: 17e355d 244b79b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 18 20:51:12 2013 -0400

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit 17e355d9ed6d495b8df7091149e762a2bd4b48c4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 18 20:49:23 2013 -0400

    * _updown.klips: Fix parse error introduced with b5cc4343f567

commit 244b79bcd86baed9d65ce051f87329e762fe84df
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Mar 18 09:59:15 2013 +0200

    CHANGES: #75: Libreswan inserts wrong xfrm policies on some configurations [Tuomo]

commit a55f9d8ad1b1541f639d954bb461d6781ebf340d
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Mar 18 09:56:14 2013 +0200

    netkey: clarify comment on bug #75 fix

commit d37adcebbca781a2ad40769ea077619faa2f2cb9
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Mar 18 09:50:42 2013 +0200

    Revert "Revert "Revert "Revert "Always use XFRM_MSG_UPDPOLICY instead of XFRM_MSG_NEWPOLICY. This avoids""""
    
    This reverts commit 39b7891e50fae053e8acebdc1f55af6408f8fdad.
    
    Fixes bug #75
    
    Without this code we fail to insert another policy with same subnets.

commit 40948526dff2482351e36bfe2889718df6a9c279
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 15 17:16:53 2013 -0400

    * update CHANGES for next release

commit 32e465ee578c97cee0ff582ae9ebe96b43a62f1e
Merge: 6470bb3 5eccf88
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Mar 14 22:16:18 2013 +0200

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit 6470bb3737da49370d511afd1d3f63bbbbab4f18
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Mar 14 22:16:02 2013 +0200

    netkey: remove logged warning which is not true after commit 9ed4d3e9

commit 5eccf8876c4ca95cee94661415fe0f3dcfa6ded6
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Mar 14 13:24:02 2013 -0400

    * libipsecconf: fix parsing nexthop= setting
    
    When sourceip was specified, we could accidentally overwrite nexthop
    setting.
    
    Bug was introduced with HAVE_DNSSEC in libreswan 3.0

commit cdd265136cd77d7dc558bbafafeae57f491ccea0
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Mar 14 13:19:10 2013 -0400

    * update changes

commit be65143a730807479e9dcc57112c8d8a6fd0a906
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Mar 14 12:59:03 2013 -0400

    * libipsecconf: Remove unused cmp.[ch]

commit c6fce31a7725e1e7e923bc539343afb9f7b872f6
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Mar 14 12:48:31 2013 -0400

    * readwriteconf: update usage(), initialise rootdir2

commit 497aa2501f1ad6f04bd7208bd170cb3c32c73fa6
Merge: 2284147 cfdc7df
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Mar 14 00:46:19 2013 -0400

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit 228414770f2e2309eb3cbcc2f2f7280bb1f1e6f9
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Mar 14 00:45:41 2013 -0400

    * packaging: fixup libreswan-kmod.spec to work on rhel5 as well

commit cfdc7dfec523508a90546431d11023082230a14a
Merge: cfb763e a2b28b8
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Mar 13 17:37:42 2013 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit cfb763e00952e643abc104971dd08ed0ec07ef67
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Mar 13 17:36:08 2013 -0400

    * clarify error "defaulting leftsubnet to 1.2.3.4"
    
    This really means the user specified leftsourceip=a.b.c.d where left=
    is not a.b.c.d and no leftsubnet= containing a.b.c.d was specified.
    We then construct leftsubnet=a.b.c.d/32

commit a2b28b81f1e8500f2993a3132d903d2fe2476249
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Mar 13 23:16:05 2013 +0200

    initsystem: sysvinit whitespace cleanup

commit b5cc4343f567abb0aa963b2f0e74c8cbbbc60ec8
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Mar 13 22:31:30 2013 +0200

    _updown.*: script cleanup

commit 688511ce24c743804432fafd15aaddd1ff368c9b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Mar 13 15:47:46 2013 -0400

    * make default case the last switch entry

commit da225cdc0e7b71d51b1138484b63436f28db7e54
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Mar 13 13:16:20 2013 -0400

    * man page entry for leftaddresspool=

commit 0a9e0ae3402d7c158e6100d674d8840b3f9e0af2
Author: T.J. Yang <tjyang2001 at gmail.com>
Date:   Wed Mar 13 14:20:02 2013 +0200

    packaging: fix crl fetching support in rhel rpm spec

commit b22c95888b71050ff4e7c13da185dcea70c5c179
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Mar 13 10:35:43 2013 +0200

    update CHANGELOG for bug #71

commit bccae61ee685b7232d90bb6ea1a790bac33f7434
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Mar 13 10:27:59 2013 +0200

    Revert "* Block rules created by openswan remain even after tunnel establishment"
    
    This reverts commit 8c4cc708ff398a2addd2923d9e461078b1a714f7.
    
    Fixes bug #71.

commit dfb32e4b87e1056e3132eea078b753925411f16f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 12 18:50:37 2013 -0400

    * Remove an unused variable buftest

commit 5b825cfc5325ab2a04643b873d96af8dd97f65d8
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 12 18:49:26 2013 -0400

    * packaging: remove klips from fedora spec file

commit 8c745b3f22259190c806404b9ea5c599d79b17c0
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 12 18:47:39 2013 -0400

    * packaging: remove KLIPS parts from libreswan.spec
    
    This is all located in the kmod-libreswan.spec file

commit 6b275e62b1ba4d84f832d7fb12b3ab8c5eca0690
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 12 18:43:34 2013 -0400

    * X509: Don't compile authcert locking when not compiling with LIBCURL

commit 1271c4a5eaca5fd6285937fe99d0992de89db40c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 12 18:33:07 2013 -0400

    * libipsecconf: prevent leftaddresspool= + leftsubnet= in 1 connection

commit f3c47d25fa18efa863114d440b314b5b03f075ad
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 12 15:26:25 2013 -0400

    * update  changes

commit 59287b227316ab4f655d0ba59abc0d186fca07ad
Merge: 7806bec a7758cd
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 12 15:21:33 2013 -0400

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit a7758cdf297b3335abcf5fff2a8b18b1671b795b
Author: Kim B. Heino <b at bbbs.net>
Date:   Tue Mar 12 20:59:35 2013 +0200

    addconn: find peer address if default gateway is ppp without via

commit 88af3c398e1f22c77873f8eab1b485182b0415a6
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 12 14:29:57 2013 -0400

    * updated CHANGES

commit ce3e91696c6a751ae90a2578d7d9c055e5aaa576
Author: Antony Antony <antony at phenome.org>
Date:   Tue Mar 12 17:19:19 2013 +0200

    * addresspool : fix warnings. internal functions are type static

commit 7806becb61b74a832806c8ab6368395ca512a120
Merge: f617aee 4b677f6
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 11 22:34:07 2013 -0400

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit f617aee5b170ef1d0e60c124b815cc2c6040c298
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 11 22:32:22 2013 -0400

    * packaging: Added libreswan-kmod.spec and kmodtool-libreswan-el6.sh
    
    kmodtool-libreswan-el6.sh should be copied into the SOURCES/ directory
    and then libreswan-kmod.spec can be used to make a kmod kernel package
    for KLIPS.

commit 4b677f60ba8925a2c32433ea41d9bd5a30ca936c
Author: Antony Antony <antony at phenome.org>
Date:   Tue Mar 12 01:08:13 2013 +0200

    *config remove obsolete/unused modecfg_wins*

commit 649e5c0d5e412a1dfa0f179f215ffb112b43a20f
Author: Antony Antony <antony at phenome.org>
Date:   Tue Mar 12 00:40:16 2013 +0200

    *addresspool : added to Makefile.options

commit 581b42695b1ec14563caf304cc8b8385247665c5
Author: Antony Antony <antony at phenome.org>
Date:   Tue Mar 12 00:19:58 2013 +0200

    *addresspool : left|rightaddresspool support and testcases

commit f0530a007b8b7a17db4c100b035c099081dce311
Merge: 21045bd 6e9f6f9
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Mar 11 19:52:54 2013 +0200

    Merge branch 'fragmentation'

commit 6e9f6f959b63db72a429449fa844320437d9feaa
Merge: 54ad009 21045bd
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Mar 11 19:36:10 2013 +0200

    Merge branch 'master' into fragmentation

commit 21045bd0d125fa9385798e5ded7d656f85786291
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Mar 11 14:54:24 2013 +0200

    update CHANGELOG for _plutorun changes and sysvinit tuning

commit 08887f953a6da062a5ae47df92132db77e8c295c
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Mar 11 14:49:53 2013 +0200

    sysvinit: change initscripts to use new _plutorun interface which passes all pluto options

commit 37be2781d9ab457384338403f3c38d2ebdf915fa
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Mar 11 14:45:25 2013 +0200

    _plutorun: change plutorun to pass all command line options to pluto
    simplify script to actually work

commit 54ad009025f27f364df94691a16a8bc453464f5d
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Mar 11 07:53:17 2013 +0200

    ipsec.conf: Fix some typos in ike_frag= documentation

commit bbc65776e8896e8f83dab9869f1b49f1a7780932
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Mar 10 13:27:04 2013 -0400

    * pluto: threading cleanup in log.c
    
    Use one mutex for all locks.
    Protect whack_log() with a mutex
    Don't protect fmt_log with mutex
    Change debug_prefix to const
    
    Based on patch by Philippe Vouters

commit e9969f7de062d93a906ca79c80d5687011b67d7f
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun Mar 10 18:27:02 2013 +0200

    re-fixed CHANGES for pthread

commit fc06d1ca87c59142a1c1bf609f153a12496b25fc
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun Mar 10 18:26:39 2013 +0200

    compiling: correct fix for CFLAGS: -pthread

commit f819a384c8beef5158ed54985748723020c089b9
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun Mar 10 17:34:45 2013 +0200

    add info about -pthreads to changelog

commit a47146d38f96abb80da188aee43c3646cf7ce04b
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun Mar 10 17:27:16 2013 +0200

    compiling: added -pthreads to CFLAGS

commit 6e267fe116c13e58e71a07f87f9f9f8b74d28245
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun Mar 10 12:46:04 2013 +0200

    pthreads: Make sure pthread.h is the first include file

commit 2dbbbc7011042ccc6c273b89c557eede2d73f288
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Mar 9 22:52:03 2013 -0500

    * packaging: make pluto pam file %config(noreplace) in spec files

commit 4a07734ffc75e6bdaceadddcb6eec98d2dbbc02a
Merge: 13cb4f5 cd2acdf
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun Mar 10 00:06:26 2013 +0200

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit 13cb4f591e65a6fe1434a7cdcc37ee47f43a5d07
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun Mar 10 00:06:11 2013 +0200

    sysvinit: fix location of sysconfig dir on install

commit cd2acdfec8f153eab5b9ef92fb0ec2024d34a20d
Author: Antony Antony <antony at phenome.org>
Date:   Sat Mar 9 21:43:31 2013 +0200

    *updown script syntax fix _updown.klips.in

commit 2c03d725571a9750f2961b556f09a597520a0973
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Mar 9 00:13:09 2013 -0500

    * IKEv1: Only mark peer as fragment capable after assembling a fragment
    
    We used to mark a peer as fragment-capable after receiving a first
    fragment. Now we wait until we have assembled a full IKE packet from
    fragments.
    
    Regardless, when we receive the vendorid we deem them fragment capable.
    In theory this could be spoofed, but an attacker that can modify packets
    can do a DOS anyway.

commit 934a4944d6edd7a5aeac9fd7ed2e03f664da9d42
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Mar 9 00:12:34 2013 -0500

    * IKEv1: Don't process incoming fragments with ike_frag=no

commit 06b26d0c2b76e9abee5816d88c5cdcd90d741b1c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 8 21:59:21 2013 -0500

    * pluto: fix log message causing crash on INVALID_COOKIE
    
    Introduced a few commits ago by me using a wrong:
    
    	(st == NULL) ? st->st_msgid : ""
    
    (I paid for it with a few hours of my time)

commit 4d226e7c78305fe8b6554718bb06e1959c80a78c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 8 19:32:10 2013 -0500

    * ipsec.conf: Add documentation for ike_frag= option

commit e8f212ba5029ea093ff160058ded237e5ae75caf
Merge: d3459cf b771ac1
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 8 19:15:35 2013 -0500

    Merge branch 'fragmentation' of vault.foobar.fi:/srv/src/libreswan into fragmentation

commit b771ac179fab828f4e35d964c3cf472b5217d440
Merge: 9748787 cd4aa64
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 8 19:15:07 2013 -0500

    Merge branch 'fragmentation' of vault.libreswan.fi:/srv/src/libreswan into vault_fragmentation
    
    Conflicts:
    	testing/guestbin/swan-prep

commit 97487873be3fd2846dd3f17b3bf9cea40938b735
Merge: 0b6b498 54ec872
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 8 19:14:13 2013 -0500

    Merge branch 'fragmentation' into vault_fragmentation

commit d3459cfda7a02bc946c251384af4e184be2a127a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 8 19:12:25 2013 -0500

    * vendor.c: mark st UNUSED in handle_known_vendorid

commit cd4aa6479bd9dfe7dfdc8583d743e402987161c5
Merge: 0b6b498 42a46c4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 8 18:57:55 2013 -0500

    Merge branch 'master' into fragmentation
    
    Conflicts:
    	programs/pluto/demux.h
    	testing/guestbin/swan-prep
    	testing/x509/dist_certs

commit 42a46c43be90dda2c9054312ea6ebf915adeabbd
Merge: 61bd40d e0c6962
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 8 18:52:17 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 61bd40dfbe10337f65e7f690508850a49857e872
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 8 18:49:18 2013 -0500

    * pluto: fixup pthread locking using lock_certs_and_keys()/unlock_certs_and_keys()
    
    The code using lock_certs_and_keys()/unlock_certs_and_keys() was commented
    out because it depended on LIBCURL which is not always present. A "fixme"
    warning was issued.
    
    But only the CRL code should depend on LIBCURL. So I re-instated the
    pthread locking by moving these functions from programs/pluto/fetch.c
    to lib/libswan/secrets.c

commit 54ec872a12a81ed3003155b35ec0d433ad9b362c
Merge: 2b997d7 961dc4e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 8 18:32:24 2013 -0500

    Merge branch 'master' into fragmentation
    
    Conflicts:
    	programs/pluto/demux.h
    	testing/guestbin/swan-prep
    	testing/x509/dist_certs

commit e0c6962f636408cdd4600177c5ff0acd1284efe0
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Mar 8 23:36:08 2013 +0200

    scripts: fix ipv6 default route split

commit be31894a46c6af0fea62e41c49c24d22ffe8f28a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 8 14:15:20 2013 -0500

    * pluto: Add pthread mutex locks to some logging functions
    
    Some logging functions are calling non re-entrant functions. Until we've
    caught them all, use a mutex to ensure threads aren't accessing them at
    the same time.
    
    Functions changed: libreswan_log() DBG_log() loglog() and fmt_log()

commit 12acc276f502ec0c9379cba5be158e22cbd1c28e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 8 13:51:48 2013 -0500

    * clarify logging example in ipsec.conf

commit 00c8c8e3a0918145b382370c7c08405906266e06
Merge: 2a97164 961dc4e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 8 13:46:54 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 2a9716410c34e9786770d846ca6d6d53515bd197
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 8 13:42:50 2013 -0500

    * log XAUTH username on same line as Traffic statistics
    
    In ipsec auto --status it shows up as:
    
    000 #2: "redhat" esp.e4432d35@66.187.233.55 esp.a9433c16@172.20.10.2 tun.0@66.187.233.55 tun.0@172.20.10.2 ref=0 refhim=4294901761 XAUTHuser=pwouters Traffic: ESPin=474B ESPout=336B ESPmax=4095GB
    
    when the connection goes down, it shows up as:
    
    "redhat" #2: deleting state (STATE_QUICK_I2)
    "redhat" #2: ESP traffic information: in=474B out=336B XAUTHuser=pwouters
    
    Also, make humanize_number() static

commit 5b725c34ae3477c326474319a367f05171d7178c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Mar 7 19:43:01 2013 -0500

    * Removed xfrm xuctx security context log message with incomplete format string

commit 961dc4eb72c221b6fa13c3799dc5b52a5305ba93
Merge: 4d7ce94 bd44e1c
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Mar 7 22:05:20 2013 +0200

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit bd44e1c18d1315f163655e324a5f14a34d830176
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Mar 7 14:34:32 2013 -0500

    *  Bug 73 - extra logging from dpd packets after commit d18825150b
    
    Fixed, and added a comment to ensure this isn't 'fixed' again.

commit 5627bf955e2f207c0097f0e3f45212da8e3c060d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Mar 7 14:17:04 2013 -0500

    * threads: protect crypt() with a mutex
    
    crypt_r requires -D_GNU_SOURCE. Not sure crypt_r is implemented under
    OpenBSD and FreeBSD.  crypt requires -D_XOPEN_SOURCE and thus should
    be implemented on every Unix/Unix-like. The pthread library is even
    implemented under Windows/Cygwin. It is implemented on Linux/HP-UX/Tru64
    (both HP's Unix). So the pthread library should as well be under
    OpenBSD/FreeBSD.
    
    Patch by Philippe Vouters <philippe.vouters at laposte.net>
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit bdddc287874d7fe9a36c3ce6f66f93f37e7a7da4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Mar 7 14:07:31 2013 -0500

    * xauth: crypt() can return NULL (ie in FIPS mode)

commit a1f1b5815cee2327183045d09d50cdf1a8c3f5cc
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Mar 7 14:05:51 2013 -0500

    * audit: add comment about false positive valgrind warning

commit 713deb1a7294f59134eda52a8eef1d14106dadbe
Merge: 5ede192 5291079
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Mar 7 11:55:31 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 4d7ce94fd7f245ccfcb1d7ac3ee3afa2517aba71
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Mar 7 11:23:27 2013 +0200

    scripts: remove whitespaces at end of the line

commit 52910798b6c8d81e3c57194901fc0397528ec846
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Mar 7 11:10:35 2013 +0200

    scripts: fix hardcoded path in ipsec.in

commit fb534e5dc42faa26ede1331fb6e4365c8cebc091
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Mar 7 11:04:52 2013 +0200

    initsystem: fix bashism in init scripts

commit ef11afa8971af1c5b4c2fd1039c89a0b94a6d08a
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Mar 7 11:01:18 2013 +0200

    scripts: cleanup ipsec script and fix one bashism.

commit 5ede19293a9f604923dd135214258bbfe2c92ca5
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 14 23:15:49 2013 -0500

    * simplify PK11_Derive_lsw() and squash a warning about an unreachable switch default

commit 819b129f617f94b27bbcd9f80ba51d491340091f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 14 23:46:38 2013 -0500

    * sprinkled a few passert()s to ensure conn name is not NULL

commit 578e6c4ad6d8c65182c27998b5526e2feb50dde4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Mar 6 17:31:23 2013 -0500

    * added testcase for basic-pluto-01 with valgrind

commit 4103f3b8a6b9a9dcaa51301c82cda5eb7fd381c0
Merge: cb798e0 e25f507
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Mar 6 15:41:10 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit cb798e0817fa5bf2a193dd0d158c860ba7ddfe18
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Mar 6 15:37:30 2013 -0500

    * pluto: display the number of loaded/active connections in status
    
    000 "redhat":   prio: 32,32; interface: bnep0; metric: 0, mtu: unset;
    000 "redhat":   newest ISAKMP SA: #1; newest IPsec SA: #2;
    000 "redhat":   IKE algorithms wanted: AES_CBC(7)_000-SHA1(2)_000-MODP1536(5), AES_CBC(7)_000-SHA1(2)_000-MODP1024(2)
    000 "redhat":   IKE algorithms found:  AES_CBC(7)_128-SHA1(2)_160-MODP1536(5)AES_CBC(7)_128-SHA1(2)_160-MODP1024(2)
    000 "redhat":   IKE algorithm newest: AES_CBC_128-SHA1-MODP1536
    000 "redhat":   ESP algorithms wanted: AES(12)_000-SHA1(2)_000; pfsgroup=MODP1024(2)
    000 "redhat":   ESP algorithms loaded: AES(12)_128-SHA1(2)_160
    000 "redhat":   ESP algorithm newest: AES_256-HMAC_SHA1; pfsgroup=MODP1024
    000
    000 Total IPsec connections: loaded 1, active 1
    000
    000 #2: "redhat":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE_IF_USED in 85643s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate

commit e25f5079936682e1add8e8c0362497750c300ca4
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Mar 6 21:56:17 2013 +0200

    fix typo in d18825150b042f7dbe2c25e85b1c0b6a949a663a

commit b4bbff0949ee9b5f225669b4cb6ec7058fc2e359
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Mar 6 21:28:18 2013 +0200

    init.debian.in: fix wrong variable expansion

commit 4d75cf59b1b8264294c0d95d6f282c59ce672b83
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Mar 6 21:21:36 2013 +0200

    plutorun: use correct variable for config file

commit 9664adc5d309055b1016d177f615aaf2241d69a4
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Mar 6 21:18:30 2013 +0200

    stackmanager: remove extra then and finalize cleanup

commit 982e36711df044604e48a1a700cd1940a4b4c202
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Mar 6 20:36:09 2013 +0200

    add changelog entry for bug#50

commit 6d534f25b26ade55c4c18c4029a85f7f610188bf
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Mar 6 12:49:57 2013 -0500

    KLIPS: fix kmod building for rhel/fedora spec file versioning with arch

commit c382317f1e21a0939a1f01d7e9f29efd81066f15
Merge: d5a9176 ec3054f
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Mar 6 17:33:53 2013 +0200

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit d5a917623ce2fb58ca254dd9013c7c7a5532aa70
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Mar 6 17:31:00 2013 +0200

    scripts: big script cleanup unifying coding style to new one where possible.
    This cleanup also fixes multiple bugs in scripts.
    Also this should fix libreswan bug #50.

commit ec3054f1c17e521adc38d452cfb9539c4a42fa65
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Wed Mar 6 03:07:39 2013 -0500

    * address re-entrancy
    - add NOT RE-ENTRANT comments where evident
    - make bitnamesofb() re-entrant
    - add a jame_str function to do what people try to use strncpy for
    - replace confusing global buffer diag_space with local variables
    - convert some file-static variables to function-static

commit 5d4e8cd79e147ca6e64f65852230e71b0378e300
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Wed Mar 6 02:04:03 2013 -0500

    * tweak timetoa to make it more concise

commit 852a7c61cff495acbb1707cdb683f5bc4c787d65
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 5 14:49:36 2013 -0500

    * testing: int/string issue in swan-prep

commit 418da26c1f5ffdd13cf3ea523bf7a69f295f6a17
Merge: 29999c3 896ff57
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 5 14:19:13 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 896ff57192f6846ef6864c5596d00ef200d76766
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Mar 5 21:18:50 2013 +0200

    pluto: fix IPCOMP logging to be easier to read

commit 29999c34453352a80feaad787fd8b2961998cd52
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 5 14:17:27 2013 -0500

    * fixup recently introduced check for rekey=no plus dpdaction=restart
    
    commit 4dde1771e5e89cd80 to implement this never triggered because it
    confused conn->options_set[X] and conn->options[X]

commit a0e4dd1a3a854286deef1ef876b94ea17b5d31f7
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 5 14:11:35 2013 -0500

    * testing: added testing/klips/fixups/cut-postfinal.sed

commit 79a9a9d9a951d8cdd8a69d28ed37c94b7e34bd4d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 5 13:35:28 2013 -0500

    * lswconf.c: remove unused variable env

commit d18825150b042f7dbe2c25e85b1c0b6a949a663a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 5 13:33:44 2013 -0500

    * ikev1.c: code cleanup - as suggested by dhr on the mailing list

commit eeaf4d5c2cbf8257cce3ed5715581ef8ce518c77
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 5 12:25:18 2013 -0500

    * libswan/pluto: don't use localtime/gmtime - not thread safe
    
    Instead use localtime_r/gmtime_r
    
    This resolves a crasher when many rekeys with XAUTH are happening,
    and the do_authentication() call in the threads are logging a lot.

commit 9ff70cbb08ecb00c045354f80c6d44a46b62078c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 5 11:52:49 2013 -0500

    * testing: swan-prep: fix regression in killing old IKE daemons

commit 76ae9b534a24159f23da1fcc1043e14b3fa15192
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 5 00:11:25 2013 -0500

    * testing: sync up test case work.

commit 2ed580d33b18ee5dbd66c30856fb81c2a2f9cc36
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 4 23:53:29 2013 -0500

    * testing: dotest logs RESULT now.

commit 04e006fd6e97005599ebc0cb00d0dac79c376849
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 4 23:52:51 2013 -0500

    * testing: swan-prep: don't use lstat, it throws exception.

commit ff4dfee2c2c5cdf2e20e5afff45f618b7de02e1f
Merge: ece0d94 d666696
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 4 17:58:17 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit ece0d94d7e2f699fe6779b70d3ddc554914310ca
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 4 17:57:41 2013 -0500

    * testing: make stackmanager call path independent

commit d666696d755b4fbd58fd7f68621abd9b6734f3fd
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 4 16:03:27 2013 -0500

    * testing: lstat / testname/dir fix.

commit 8d406e98dd1be3272f4bd424902b20e6f2da3b62
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 4 15:36:00 2013 -0500

    * testing: run swan-prep in each test, to assist manual test runs
    
    It has been taken from runkvm.py so it is easier to run test manually.
    Some better checks for the /tmp/pluto.log softlink as well

commit 426c47723f6a96e1e9dac3a13b2c01c089b3fdd0
Merge: 7542cd1 a7ff698
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 4 11:13:06 2013 -0500

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit 7542cd1cb5eab5eab955d3d7f4eaf6eac84a46b8
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 4 11:10:40 2013 -0500

    * testing: added four testcases for compression=
    
    compress-pluto-01 is klips-klips with compress=yes
    compress-pluto-02 is klips-klips with compress=yes/no mismatch (should fail)
    compress-pluto-03 is netkey-netkey with compress=yes (should not fail but does)
    compress-pluto-03 is klips-netkey with compress=yes (should not fail but does)
    
    This shows a clear bug in kernel_netlink.[ch] with compress handling on NETKEY
    (regression from osw 2.6.38)

commit a7ff69897209ccdc7ebaccb71d7e190190379e30
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun Mar 3 20:44:39 2013 +0200

    update changes for rpm spec file changes

commit 506a0d3b97f353aba2cd2eed3ef0996aa245a95e
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun Mar 3 20:42:55 2013 +0200

    packaging: add /etc/ipsec.d/crls and /etc/ipsec.d/cacerts dirs to rpm spec files

commit c821518211729228ee3b397632b7d24cf4dd9ea2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Mar 3 12:38:55 2013 -0500

    * testing: fixups of basic-pluto-0[134]

commit b42987f38600d68f90fcd275362791c3af379343
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Mar 3 12:10:30 2013 -0500

    * testing: added host-prompt-sanitize.sed

commit 02c89c841f45e1acd9b90cd10626021589d4d0aa
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Mar 3 11:54:39 2013 -0500

    * testing: basic-pluto-01 don't run duplicate swan-prep

commit cd113d3d11be3027806c5435d3cd7352890074d9
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Mar 3 11:49:39 2013 -0500

    * testing: dotest.sh store RESULT in OUTPUT/
    
    Also, at the start of the test, create the RESULT file with content "RUNNING"

commit 59cf5d47d2a04e442aa92897dab0b87dc0017c8b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Mar 3 00:47:23 2013 -0500

    * testing: fix version sanitizer

commit d2692a785fb2c4637ca431b4cd883a43f275f6e2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Mar 3 00:46:22 2013 -0500

    * testing: dotest.sh should pick different tcpdump iface for north tests

commit 6d1594d509e859f99f4859a4f057a20e488280ee
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Mar 3 00:45:47 2013 -0500

    * testing: fixed basic-pluto-03

commit cda1132a8e30d14d3c04ab287d81bf637cf974cc
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Mar 2 23:32:16 2013 -0500

    * testing: fixup klips-spi-sanitize.sed to replace all esp.XXXXX occurrences

commit 6c95cc11947399a28f704148b579066e098b6af0
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Mar 2 22:37:40 2013 -0500

    * testing: basic-pluto-03 converted to kvm style

commit 84327a996a94d1c79426c5742218c637b798d264
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Mar 2 22:36:06 2013 -0500

    * testing: sanitizer fixup for "Starting Pluto" without pid.

commit 3a28e178f34d460466306d0bc91a2f1ef6caec30
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Mar 2 18:24:57 2013 -0500

    * testing: dotest.sh would abort when nic was in use.
    
    The following would terminate dotest.sh
    
    if [ -n "$NIC_PID" ] ; then
           kill -9 $NIC_PID
    fi
    
    Commented out

commit 16789b973974c0fff9a89876ba8d7130c9ca0bda
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Mar 2 18:23:43 2013 -0500

    * testing: remove lefnexthop= from left=%any setting in ipsec.conf.common

commit e78c346c1c2f2e0fb00c613fb04b51360732da14
Merge: f5b7db1 7f3fa6c
Author: Antony Antony <antony at phenome.org>
Date:   Fri Mar 1 20:37:44 2013 +0200

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 7f3fa6cc56c28a24cd4f71a7c77c6f3d0cc8de3d
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Mar 1 20:21:15 2013 +0200

    fix: crlcheckinterval value is time, not number

commit 86fe4d1afa7a33de799c381e872b263f843110a8
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Thu Feb 28 23:09:36 2013 -0500

    * add comments describing protocol for Informational Exchange

commit 3d3594f5406260e91d8732cdbc9ccd20f87dbc67
Merge: a65a4e6 ab5d717
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Thu Feb 28 23:07:10 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit a65a4e6e21058c78bb6921b16c4568af326059ce
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Thu Feb 28 23:01:36 2013 -0500

    * struct msg_digest: clarify that some fields are only for ikev1 and some are only for ikev2

commit ab5d71709978bcdf4bed7d2927afc8f6c03aa571
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 28 18:08:26 2013 -0500

    * stackmanager: don't do anything without kernel module support

commit 67de91d21fe22515a17fdc0878186dd49b7d7e84
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 28 10:46:51 2013 -0500

    * testing: runkvm.py: give the prompt a 0.5ms margin to appear.
    
    This secret sauce seems to make final.sh happier.

commit 9cee42c35d4ece93db1f8cadda6877d369b3b993
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 28 10:28:37 2013 -0500

    * testing: runkvm.py Attempts to grab serial reduced from 200s to 20s
    
    This was put in by mistake by me. Also removed the implicit default
    for hostname to east

commit c7d0d0d5cf165b60be77dfb75d4fe40eacc79194
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 28 10:25:06 2013 -0500

    * testing: runkvm.sh also needs full prompt for running final.sh

commit f50caa292f0de28efc2c5330fb9decd0e8b25ae4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 28 00:15:58 2013 -0500

    * documentation: updated stock ipsec.conf file

commit 43e1428e8c5b070b2dd109a99ad3a4c718a8cacc
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 27 23:45:00 2013 -0500

    * testing: Figured out the occasional mangling of lines!!
    
    The cause was that we were waiting in the expect loop on the prompt
    to return, to then send the next line. But the prompt was defined
    as "root@hostname", even though it was "[root@hostname testname]# ".
    
    probably the [] were left out because within expect that also has
    meaning so you have to protect them using \[ and \]
    
    With matching the full prompt now, I managed to run basic-pluto-01
    5 times in a row without seeing the mangling anywhere.

commit eee8e35e170f32d9d9a568f141bb76668c660c8a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 27 23:44:14 2013 -0500

    * testing: north gets a new raw rsa key that's in NSS

commit aad9f13140ed57b2c6f3fccb85682d0226d390fb
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 27 23:14:45 2013 -0500

    * testing: remove unused virtinstall-base

commit 3dcf525c51d81c44b88bd389bc74fc2e671d05b5
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 27 22:59:58 2013 -0500

    * testing: dotest.sh now logs results to testname/RESULT

commit ba895127bf6fa79d5f37d8b522f0d577b81aa24e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 27 21:52:30 2013 -0500

    * testing: Make dotest.sh and runkvm.py a little more robust
    
    I was regularly seeing "hangs" and a failure for a test case to take
    control of a VM. These changes resolve the hangs for me and improves
    the output for humans to figure out what's going on.
    
    We used the serial console to reboot a VM, now we use virsh reboot
    directly. When we still had something running (eg ipsec auto --up retrying
    a long time) our reboot command would never arrive.
    
    Related, we now hit return and ctrl-c when reconnecting to the
    VM. Additionally, we run stty sane because the console's tty insanity upon
    reconnect seems to cause what we called "flow problems" in the output.
    
    Use setproctitle to rename the runkvm.py processes (called python) to
    "swankvm". This allows us to "killall swankvm" at the start of a test
    to kill any lingering python scripts from previous runs. We also kill
    any remaining tcpdump processes.
    
    Prepend the prompt (hostname@testname:) for all output to the shell
    running the test, to make it easier for the human to see which of the
    running hosts is generating the output while the test is running. This
    does not change the output in the test OUTPUT/ directory.
    
    Wrap all child.expect() calls into a try: / except: statement, so we can
    just throw a human readable error, instead of a python stack trace that
    scrolls off the screen, especially when sharing a screen with 'screen'.
    
    When expect is waiting on either the login: prompt or the root prompt,
    act differently based on which we actually get back. Only attempt to
    login when we did not get a root prompt.
    
    Move deletion of /tmp/pluto.log and symlink from runkvm.py to swan-prep
    
    Also reboot "nic" for each test so it properly clears the iptables and
    conntrack tables.
    
    Reduce the timeout values for expect so failing tests fail a little quicker.
    Before this it would take minutes to fail.
    
    Clearly notify failure/success for gaining access to a VM.
    
    When hitting return to get a shell prompt, also attempt ctrl-c

commit 99767039c33ee7bf73fea5594dec339de4bc8f46
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 26 21:12:17 2013 -0500

    * testing: basic-pluto-01 fix in eastinit.sh to use rm -f not rm -r

commit b00165aa6eb21bcbf016c25efbd6355afb3c969c
Author: Wolfgang Nothdurft <wolfgang at linogate.de>
Date:   Mon Feb 4 16:41:02 2013 +0100

    * XAUTH: remove modecfg* from sa_policy_bit_names
    
    They were only removed from pluto_policy in commit c015d1a038546a5c32d9a36d16462d490108e254.

commit 840b15e445a5544f8446d010f9d3ee3d16ca0f01
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 26 16:40:55 2013 -0500

    * testing: basic-pluto-01 showed wrong policy name for SAREFTRACK and IKE_FRAG

commit 06564f0fff2d6ddd99e1e1da2d9064db36fabb9d
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Feb 26 16:23:12 2013 +0200

    Fix ipsec.secrets.5 man page name which was broken by
    8a0165bd09ce2e7328abbc95dfab14b855f84526

commit f9039425c342523d86d43eb566e7024585c5c2fb
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 26 01:54:25 2013 -0500

    * testing: fix harmless typo in dotest.sh

commit e82619d2410083e2f8b638d12acf0763ace382fa
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 26 01:43:03 2013 -0500

    * testing: basic-pluto-01 now passes on bofh.nohats.ca.

commit dec81090c44f70a7225e33c068b1045d5c5e5681
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 26 01:38:01 2013 -0500

    * testing: fixup of runkvm.py
    
    I had introduced the skipping of lines starting with "#" a while ago
    to fix text flow issues, but that caused us to not put in the markers
    in the console log for # --- cut --- and # --- tuc --- and we would
    end up with too much for the sanitized console.
    
    runkvm.py also called ipsec whack shutdown, even though we do that already
    in final.sh. For non-pluto userlands it would need to be different anyway.
    And for some tests (eg netkey) we want to test if the ip xfrm tables are
    empty afterwards, so it is not necessarily the last action we want to do.
    So leave it up to final.sh to do the shutdown.

commit 0cdfdf67e0114ff12188b073cc72a8aac4e9d75b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 26 01:30:51 2013 -0500

    * testing: add esp.XXXXXXXX syntax to klips-spi-sanitize.sed

commit dd1ccbc6433488b2f2c4b39fda8e0925401b9eb6
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 26 01:29:52 2013 -0500

    * testing: cut out kernel AVX/padlock detection messages in kern-list-fixups.sed

commit e29b8a5c04fb14a26c79db59f8919f4596ea4e3d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 26 01:29:06 2013 -0500

    * testing: add EST and UTC timezones to ipsec-look-sanitize.sed

commit 17891b5bff97a4e77a6cd8c3859f8e6f6090377c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Feb 25 22:59:36 2013 -0500

    * testing: fix dotest.sh to properly find functions.sh

commit 5bee229727e8b59fb85b25d829893e8c7a03048b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Feb 25 22:58:30 2013 -0500

    * testing: libvirt: generate X509 certs, fixup libvirt net create, nic vm

commit b0332e34e0a704604ce9c02765e6c89d80bbcae1
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Feb 25 22:58:04 2013 -0500

    * testing: add host entries to VMs for north/west/east/road/nic

commit 80683a439e5190ba94c9556997c7b3a0f152ab7d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 24 17:26:50 2013 -0500

    * testing: flat.conf fixups

commit e7aaedcd1ec1cf6f0a0a169ce874bb70bfed2796
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 24 17:24:55 2013 -0500

    * testing: swan-prep needs glob and pexpect

commit 501596dfec6d4692030c9a39c39cc8a4bec0879d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 24 17:24:28 2013 -0500

    * fixup ipsec.conf.common path

commit 7fe25c551be7566d25437495b0ed70e6861176c4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 24 17:06:02 2013 -0500

    * testing: initialise the nss database in swan-prep

commit 6c7a6a400579a235b9ffe9d7238a09467a0bee88
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 24 17:05:16 2013 -0500

    * testing: add north to sanitizer

commit d38ad8a048a9ca3a93f7349474feb6ee53718c4c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 24 16:38:53 2013 -0500

    * testing: remove default testname from swan-prep for autodetect, fix typo

commit 2fb6cd5073abd23633f8429cd42d246127341695
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 24 16:35:57 2013 -0500

    * testing: support north as initiator

commit a5872b4fb00435df924079ca674ba4bc2ad395b0
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 24 16:30:17 2013 -0500

    * testing: fix all occurrences of ipsec.common.conf
    
    Fix them to point to /testing/baseconfigs/all/etc/ipsec.d/

commit 3df2893c9a3330762abd033269ee33745df00e2a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 24 16:21:08 2013 -0500

    * testing: add pexpect to VMs for Fedora 17

commit 77ee60ec235fbace1748d558ede4914c24c0f708
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 23 22:20:50 2013 -0500

    * testing: pull up nat-pluto-01 from addresspool branch

commit 4dde1771e5e89cd80c60f97683659d6d1e3671b3
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 23 22:17:07 2013 -0500

    * DPD: Do not allow dpdaction=restart/restart_by_peer for rekey=no
    
    Do not allow DPD to restart/initiate a connection when the policy is
    rekey=no. If this is configured by the user, log a message and use
    the default dpdaction of "hold".

commit 62e53fd9a384c1b2faac2d066522864fe2e35520
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 23 21:38:55 2013 -0500

    * NAT-T: Added more debugging lines in DBG_NATT category

commit f5b7db1472324b74bded8e73bb0b834eed6c6dbf
Merge: 087f529 211996f
Author: Antony Antony <antony at phenome.org>
Date:   Fri Feb 22 13:07:56 2013 +0200

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 211996f47a2efce92d656ddb95e85d967cc48254
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 22 00:27:07 2013 -0500

    * testing: remove obsoleted netjig documentation
    
    netjig was used with uml in the past, but the current kvm setup
    does not use it anymore.

commit e1dfe1ad49caec945a439d1e158f302a9676f820
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 21 20:50:24 2013 -0500

    * testing: filter STP from tcpdump

commit 23a4c0d9e497fe7875558e63a5b7624e9a5878bd
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 21 16:15:23 2013 -0500

    * testing: Fix north's IP address and east's nexthop for east-north cases
    
    The configuration and documentation (testnet.png) mismatched and caused
    nat-pluto-01 to fail as north could not orient itself to its bogus IP
    address.

commit 9c32f2fec0f77aafc198019ee30001fe7206feb4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 21 16:02:37 2013 -0500

    * testing: fix paste error in gateway setting for north's baseconfig

commit d6bd8efb010727aaa3bb918f1ecad8545ea77d68
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 21 15:04:21 2013 -0500

    * testing: swan-prep tries to determine testname on pwd if not specified
    
    This saves us from needing to set/export TESTNAME and makes copying
    test cases easier.

commit 3612a6dd5abd5b683bac41dc8094f99b2af9fc67
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Feb 20 23:29:19 2013 +0200

    rhel: fix debug package creation

commit 737734f8e2fd25180056936e78f915e97539759f
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Feb 20 23:05:09 2013 +0200

    rhel: libreswan.spec cleanup

commit 0b6b498f8f80782929583b7fe6a28daba058eae0
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 20 10:53:51 2013 -0500

    * fragmentation: Remove spurious Racoon non-ESP marker
    
    During testing we found that racoon sometimes adds a bogus non-esp marker
    to the IKE packet. This confuses libreswan, because it causes the ICOOKIE
    to not match to an existing state.
    
    We now assume that if the ICOOKIE starts with 00 00 00 00, it is
    such a bogus marker, and we use out_raw() to remove the 4 bytes from
    the packet stream. However, it still looks like racoon gets it wrong,
    because the ISAKMP header is still not properly formatted.
    
    We're still investigating.

commit be27d31e1e9997d2d48cada82f2b1f9a45548e08
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Feb 20 11:11:46 2013 +0200

    out_sa: fix syntax errors caused by 249fbd0eda68d71e466812ea8298dc28f6235d74

commit 9bcb72743bdd0b007ceb1873c4582f512985b1e8
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Feb 20 00:08:29 2013 +0200

    update CHANGES for X509: Warn 14 days before certificates expire

commit 747190592b92a4383d7095637e28a9c6dd2034c0
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Feb 20 00:06:01 2013 +0200

    checkpubkeys: warn 14 days before public keys expire

commit 62402104e4b280bf0deab23950d00ea0ed47cd06
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Feb 19 20:35:18 2013 +0200

    makerelease: fix git archive command to work with older git versions.

commit 2b997d71d48c9ed794aaebd25beea69a3e51871c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 16 15:25:11 2013 -0500

    * DPD: clarify log message is about a DPD event

commit 2ca5e969c230eabdf3aae14154ec8333e7568123
Merge: d992d7b 1e9faef
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 15 14:12:48 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit d992d7bb2ec313c63e77bd9de07af697b629ef5a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 15 14:11:45 2013 -0500

    * DPD: Don't try to delete non-events
    
    This happened only when we were just firing up the phase2. It was
    ignored, so this is mostly a cosmetic fix.

commit 1e9faef52b7b4cea87adc43a78a0985c2c59a428
Merge: 9ad72f1 e7bb0e2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 15 11:34:42 2013 -0500

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit 9ad72f16ccacd721c4c85d281843302a3594ea86
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 15 11:33:36 2013 -0500

    * IKEv2: narrowing used a wrong port range in determining bestfit
    
    This could lead to narrowed proposals failing.

commit 6f3c006ba72cecb30234264c01302126e73c2235
Author: Wolfgang Nothdurft <wolfgang at linogate.de>
Date:   Fri Feb 15 14:53:06 2013 +0100

    * removed redundant vendor id logging
    
    the used vendor id will be logged twice because of a removed return
    in 75269b8de30ae6368c41d5c53e25631ed2e20cc8
    
    e.g.
    
    received Vendor ID payload [RFC 3947]
    received Vendor ID payload [RFC 3947]

commit 738701a89b3e391b5773fcc4f8ac7b49203e9694
Author: Wolfgang Nothdurft <wolfgang at linogate.de>
Date:   Fri Feb 15 10:59:45 2013 +0100

    * IKEv1: fragmentation never fragment initial main mode packet
    
    If the first packet is fragmented the peer ignores it
    
    "packet from 10.0.11.203:500: received IKE fragment, but have no state.
    Ignoring packet"
    
    This can either happen with force on or when pluto
    changed the policy to force after receiving a fragmented packet and the
    initiator starts the phase one rekeying.
    
    The first packet exceeds ISAKMP_FRAG_MAXLEN fast with all the proposals
    and vendorids.
    
    10:05:15.519781 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 640)
        10.0.11.203.isakmp > 10.0.14.204.isakmp: [udp sum ok] isakmp 1.0 msgid 00000000 cookie f7490449d6831ca1->0000000000000000: phase 1 I ident:
        (sa: doi=ipsec situation=identity
            (p: #0 protoid=isakmp transform=12
                (t: #0 id=ike (type=lifetype value=sec)(type=lifeduration value=04b0)(type=enc value=aes)(type=hash value=sha1)(type=auth value=rsa sig)(type=group desc value=modp2048)(type=keylen value=0080))
                (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=04b0)(type=enc value=aes)(type=hash value=md5)(type=auth value=rsa sig)(type=group desc value=modp2048)(type=keylen value=0080))
                (t: #2 id=ike (type=lifetype value=sec)(type=lifeduration value=04b0)(type=enc value=3des)(type=hash value=sha1)(type=auth value=rsa sig)(type=group desc value=modp2048))
                (t: #3 id=ike (type=lifetype value=sec)(type=lifeduration value=04b0)(type=enc value=3des)(type=hash value=md5)(type=auth value=rsa sig)(type=group desc value=modp2048))
                (t: #4 id=ike (type=lifetype value=sec)(type=lifeduration value=04b0)(type=enc value=aes)(type=hash value=sha1)(type=auth value=rsa sig)(type=group desc value=modp1536)(type=keylen value=0080))
                (t: #5 id=ike (type=lifetype value=sec)(type=lifeduration value=04b0)(type=enc value=aes)(type=hash value=md5)(type=auth value=rsa sig)(type=group desc value=modp1536)(type=keylen value=0080))
                (t: #6 id=ike (type=lifetype value=sec)(type=lifeduration value=04b0)(type=enc value=3des)(type=hash value=sha1)(type=auth value=rsa sig)(type=group desc value=modp1536))
                (t: #7 id=ike (type=lifetype value=sec)(type=lifeduration value=04b0)(type=enc value=3des)(type=hash value=md5)(type=auth value=rsa sig)(type=group desc value=modp1536))
                (t: #8 id=ike (type=lifetype value=sec)(type=lifeduration value=04b0)(type=enc value=3des)(type=hash value=sha1)(type=auth value=rsa sig)(type=group desc value=modp1024))
                (t: #9 id=ike (type=lifetype value=sec)(type=lifeduration value=04b0)(type=enc value=3des)(type=hash value=md5)(type=auth value=rsa sig)(type=group desc value=modp1024))
                (t: #10 id=ike (type=lifetype value=sec)(type=lifeduration value=04b0)(type=enc value=aes)(type=hash value=sha1)(type=auth value=rsa sig)(type=group desc value=modp1024)(type=keylen value=0080))
                (t: #11 id=ike (type=lifetype value=sec)(type=lifeduration value=04b0)(type=enc value=aes)(type=hash value=md5)(type=auth value=rsa sig)(type=group desc value=modp1024)(type=keylen value=0080))))
        (vid: len=12 4f454e584468416b74625a76)
        (vid: len=16 afcad71368a1f1c96b8696fc77570100)
        (vid: len=16 4048b7d56ebce88525e7de7f00d6c2d3)
        (vid: len=16 4a131c81070358455c5728f20e95452f)
        (vid: len=16 7d9419a65310ca6f2c179d9215529d56)
        (vid: len=16 90cb80913ebb696e086381b5ec427b1f)
        (vid: len=16 cd60464335df21f87cfdb2fc68b6a448)
        (vid: len=16 4485152d18b6bbcd0be8a8469579ddcc)

commit e7bb0e20f3815d43c0cbbc4b973df1f59141a3a3
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Fri Feb 15 00:48:01 2013 -0500

    * in oakley_alg_makedb, gsp is already NULL enough (Coverity Scan)

commit f860cc7f360d34196c30ac408c275f608903b118
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Thu Feb 14 23:44:01 2013 -0500

    * fix type error in init_nat_traversal (found by Coverity)

commit e3570cae16ab9e6a111f0b12bafe2f96eb11d5f4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 14 22:06:11 2013 -0500

    * fix for printing a ";" in ipsec auto --status
    
    Introduced in 9ac4101f

commit 249fbd0eda68d71e466812ea8298dc28f6235d74
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 14 22:01:52 2013 -0500

    * pluto: more missing checks for failing out_raw() / out_struct() calls

commit 7adaad527de3a005a7bf989a6a6e8fee4a79ab25
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 14 19:42:02 2013 -0500

    * IKEv1: fragmenting comment out stripping non-ESP marker
    
    The code states "Strip non-ESP marker from first fragment", but
    it only stripped out 1 byte, not 4 bytes. We expect this code
    is never triggered, so commented out for now.

commit d402bd16fb0c85f441dbaf2e0023d1dcf7665cba
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 14 19:39:14 2013 -0500

    * IKEv1: fragmentation non-ESP marker is 4x 0x00, not 0xFF

commit b67dbad175df9009a4bd4fb7c567a05956c4e9ab
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 14 15:37:47 2013 -0500

    * xauth: fix indentation of CISCO_SPLIT_DNS and }

commit 5ac0162adc886f713f600671029c66c57567cf09
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 14 15:12:44 2013 -0500

    * XAUTH: Added missing return code checks for out_struct/out_raw
    
    We were not always checking the return code of out_struct() and
    out_raw() in the xauth processing states. So we could have failed
    to construct a part of the packet, and continued without returning
    STF_INTERNAL_ERROR

commit 3782879b074c88dd1ea0dbae8de41ece28a5108f
Merge: 0df29df 02c3afc
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 14 14:32:55 2013 -0500

    Merge branch 'fragmentation' of vault.libreswan.fi:/srv/src/libreswan into fragmentation

commit 5b5576f6299de8f0b2e3c7099942c4c6bf9d6a18
Merge: f1c2510 158a418
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 14 13:39:01 2013 -0500

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit f1c25101e80783cf1625f47c5c8724e626a3770d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 14 13:38:06 2013 -0500

    * document the retransmits=yes|no option for the ipsec.conf man page

commit 158a418b7606b45f449c45df0815443d3668528d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 14 12:57:52 2013 -0500

    * IANA: Added note about our PEN number 41286

commit 02c3afcca6ac4bf5cb61ba179c3ef703826a3976
Merge: 1ddb6c8 e749530
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 14 12:38:47 2013 -0500

    Merge branch 'fragmentation' of vault.foobar.fi:/srv/src/libreswan into fragmentation

commit 1ddb6c8d500d8d6a2a1faf34392e2e3dd5939d41
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 14 12:24:02 2013 -0500

    * IKEv1: if receiving fragments, immediately respond with fragments too

commit 0df29dfd10401ec39e59d00310d17d8af29b9e4d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 13 22:02:18 2013 -0500

    * testing: import glob for swan-prep

commit e7495301464ef1aebb50691aab77a033bbc8a9a6
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 13 21:53:43 2013 -0500

    * testing: add python expect to the guest package list (for swan-prep)

commit 2e388ba3fa4bf9a81029ea984cd3679e6a612c42
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 13 21:47:25 2013 -0500

    * testing: pexepect -> pexpect

commit cf47612b6417e782daa1059b797d70759079ea4a
Merge: dafcba8 55f1d3f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 13 21:46:22 2013 -0500

    Merge branch 'fragmentation' of vault.libreswan.fi:/srv/src/libreswan into fragmentation

commit dafcba8527cca0c78be1c8c799ab37abc68ffd55
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 13 21:43:57 2013 -0500

    * testing: swan-prep was importing p12 files without starting fresh
    
    It also caused it to prompt for a password when initiating the nss
    db files. It now runs it through pexpect to create it, then fills
    it in with the right p12 file.
    
    Currently it then imports the public certs of east, west and road.
    This is needed for rightcert=XXXX when there is no CA and certs
    don't come in over IKE. Test cases that want to use the CA should
    delete these public certs.

commit 55f1d3fb9225b823c38dcf6ae6dd2fd1e3f2277d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 13 21:16:02 2013 -0500

    * testing: not all files were git add'ed for x509-pluto-frag tests

commit 972f233ebd348c3c128417646d382dda88ebb448
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 13 21:07:18 2013 -0500

    * testing: fix typo for "can't idenity INITIATOR"

commit 6ea2584c5886cca5d3ac6c14ccb6e26d3b245652
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 13 14:16:36 2013 -0500

    * remove temporary debug line

commit a27ab0914536f760e7207566d53dd6fcaf5bde02
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Wed Feb 13 12:15:47 2013 -0500

    * fix send_packet's packet length reporting

commit 6967f4e1aa1499d5499be5bfd047644342ec1118
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 13 00:37:48 2013 -0500

    * testing: add road to dist_certs

commit 6af094e7c1c50288a23d99e9fdd8f5e05f155eed
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 13 00:37:07 2013 -0500

    * testing: updates testcases for fragmentation support

commit 087f5293b82fe46e4eb23db1aeb3255b02c21637
Merge: a580f91 94669a3
Author: Antony Antony <antony at phenome.org>
Date:   Wed Feb 13 03:30:51 2013 +0200

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 65b49c0f7852f3ea463727c61e5d3a4470d1f34a
Merge: d0099d5 94669a3
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 12 16:49:18 2013 -0500

    Merge branch 'master' into fragmentation

commit 94669a3ead39c02ca91a10f313345f0a585d4540
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 12 16:46:36 2013 -0500

    * XAUTH: MODECFG and MODECFG_DNSWINS defines did not make it into lib/
    
    This caused some modecfg code in the parser to not actually load
    left/rightmode{server|client} parameters properly.

commit 4cc68a54ed8402462eeff10fe05e801a1f6fde7b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 12 16:34:36 2013 -0500

    * XAUTH: improve ipsec auto --status for xauth/modeconfig
    
    Now shows all xauth/modecfg info

commit d0099d52f2bfe4538bdcc50ad272d5f83a8cfc5a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 12 16:28:38 2013 -0500

    * added comment with xauth draft name

commit 30da6123acd345efcbfe4fdd76fe3ff5ea6a6108
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 12 11:48:31 2013 -0500

    * testing: swan-prep did not handle multiple daemons matching for kill

commit a580f917eff48c97f759f750a6ac797655904064
Author: Antony Antony <antony at phenome.org>
Date:   Tue Feb 12 09:14:56 2013 +0200

    * testing: add road dist_cert
    
    runkvm won't run shutdown; it could be in final.sh

commit 2999cad7acd808bfb02b7872bb69f81133ba94d6
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 10 22:30:08 2013 -0500

    * added iphone5 success log for reference in the future

commit a04aae69304b86579ac47f555402194629118229
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 10 17:52:59 2013 -0500

    * fragmentation: store seen_fragvid in md first, fix force policy
    
    When reading vendorids on the first packet, we don't have a state
    yet, so apparently we store things in the message digest (md) first,
    then copy it into the state for persistence.
    
    Hugh's reformatting/refactoring missed the check for checking for
    having seen the fragmentation vendorid at the peer, and used the
    wrong policy flag to check for the "forced" scenario (where we send
    fragments despite not having seen the vendorid)

commit 9cca3bfb55674a1eea8f77d0e822701c42e4d68c
Merge: 2ad979a 3a61bbf
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 10 16:53:55 2013 -0500

    Merge branch 'master' into fragmentation

commit 2ad979a67da4fdfe597eb78c3293e461440c51d5
Merge: 07bec55 a6a380d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 10 16:51:13 2013 -0500

    Merge branch 'fragmentation' of vault.libreswan.fi:/srv/src/libreswan into fragmentation
    
    Conflicts:
    	programs/pluto/server.c

commit a6a380dd257d296bd10ec25c22a565cbec194618
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Sun Feb 10 11:15:53 2013 -0500

    * improve send_ike_msg logic
    
    Simplify handling of keepalive.
    Make fragmentation logic only work for IKE V1.
    Clarify that resend_ike_msg is only for V1.

commit fff9986fb2c187c2323050a0abd75dedea6aec8e
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Sun Feb 10 01:26:46 2013 -0500

    * refactor send_packet
    
    Renamed send_ike_msg since that is what it actually does.
    Variants resend_ike_msg and send_keepalive created to capture relevant distinctions.
    Broken down into layers, simplifying complex and buggy logic and reducing duplication.
    Touched up source formatting, again.
    
    (Added a couple of consts missed due to bad makefile dependencies.)

commit a023b4cba4b06f3a1e8b08de0ac72dc16dc11953
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Sat Feb 9 21:52:01 2013 -0500

    * improve vendor.c
    
    Eliminate leading _ from _vid_tab and _hexdig.
    Make out_vendorid and out_vid return bool, as they are declared to do.
    Clarify and simplify out_vendorid and out_vid.
    Shrink the scopes of i and j in handle_known_vendorid.
    Replace two memsets with two simple assignments.
    Add const to pgp_vendorid's type.

commit 75269b8de30ae6368c41d5c53e25631ed2e20cc8
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Sat Feb 9 21:01:25 2013 -0500

    * tidy vendor.c
    
    Rename vid_usefull as vid_useful.
    Change code to reflect that vid_useful is a bool.
    Make initial value of vid_useful TRUE to reduce code.
    Eliminate confusing early returns from handle_known_vendorid.
    Regularize some formatting.
    Narrow the scopes of some variables.

commit 511a02ebd2992baf7bd5b9e84c3e96495b4389f5
Author: root <pwouters at redhat.com>
Date:   Sat Feb 9 16:14:39 2013 -0500

    * WIP: Store FRAGMENTATION vendorid and fixup resending logic

commit 3a61bbf9ca3f26e68dfb4155d676db303438b5ac
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 9 16:13:22 2013 -0500

    * XAUTH: More elaborate logging of error conditions in do_pam_authentication()

commit 071a8c6de9ff03e2163cfa1e5965f2044ba5ce61
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Sat Feb 9 14:07:44 2013 -0500

    * improve frag code
    
    Detect when marshalling cheat will fail.
    Simplify and clean up code.

commit 07bec55dc7fde0a60ec990471432174235c05ac2
Merge: 298724d 3789f66
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 9 13:53:39 2013 -0500

    Merge branch 'fragmentation' of vault.libreswan.fi:/srv/src/libreswan into fragmentation

commit 298724d671abb2492764c9dcef7372a56e1e478a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 8 13:35:37 2013 -0500

    * remove dead code in kernel_mast that used to configure mast0
    
    It was triggering a checking script for "ifconfig" usage despite
    it being ifdef'ed out.

commit 90d774516467ed15e74d74161b528110d181ba70
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 7 23:35:23 2013 -0500

    * ike frag: document ISAKMP_FRAG_MAXLEN and ISAKMP_FRAG_FLAGS

commit 251296bba18fd33964246f34782762fc8785e214
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 7 23:33:31 2013 -0500

    * ike frag: fixup logging calls and add pointers to online documentation

commit 3789f664446e6be4d48099a5b1e380d32be2dc9b
Merge: dc05619 eaeb0a7
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 7 23:14:11 2013 -0500

    Merge branch 'master' into fragmentation

commit eaeb0a735d08e17ae46fb424cb30230190d433a4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 7 14:21:05 2013 -0500

    * XAUTH: Example file to authenticate against PAM over HTTPS (eg FAS)

commit 0824fa962a9c10d70877350eef82a4a927b579e6
Merge: 648fc1e 6bee4c2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 7 23:02:28 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 648fc1eed4decbfe3520f69927e12ad4af34b3e3
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 7 23:01:39 2013 -0500

    * XAUTH: Added xauthfail=hard|soft option
    
    Also some minor fixes of #ifdef XAUTH

commit 2626f3254ff002f6a50f605e9ffb44dd7e537b18
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 7 23:01:31 2013 -0500

    * updated changes

commit dc0561989f4d031af6907d2b6cf69095550aaa18
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 7 14:21:05 2013 -0500

    * XAUTH: Example file to authenticate against PAM over HTTPS (eg FAS)

commit 4cd596ffa85ada225328725747567f837d34f2d5
Merge: 0413b15 6bee4c2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 7 09:56:20 2013 -0500

    Merge branch 'master' into fragmentation

commit 0413b15545c06d4dd555298189390f7c1d7a263f
Author: Wolfgang Nothdurft <wolfgang at linogate.de>
Date:   Thu Feb 7 14:17:19 2013 +0100

    * fragmentation: revert the changes at the state_microcode_table
    
    Revert the first change from commit
    f0dce92c26df14561bac81ab0e530fb6794fa5d9.
    
    It is no longer needed with the latest changes.

commit dd2ef476a663954d59ba75bf299d7956985fcba5
Author: Wolfgang Nothdurft <wolfgang at linogate.de>
Date:   Thu Feb 7 14:12:57 2013 +0100

    * fragmentation: changed behaviour when fragments are sent
    
    The query in ikev1.c is no longer necessary, the decision is
    completely made in send_packet (server.c).
    
    Maybe an additional state check is necessary.

commit 6bee4c2f0603e8e7aca6d5fa8c3fbf2c03714415
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 7 02:59:59 2013 -0500

    * testing: swan-prep tried to kill pluto twice, instead of charon

commit aa6b33a32261da156ea158d05574848d61b4ebfb
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Thu Feb 7 02:12:43 2013 -0500

    * IKEv1: ike fragmentation should not use st->st_suspended_md
    
    This code is based on racoon code, which strongswan also uses, and they
    all make the mistake of using sizeof(struct ) and offsets for wire format.
    
    Simplify the handling of the non-ESP Marker using NON_ESP_MARKER_SIZE
    
    Rename and moved variables to reduce their scope
    
    Don't rebuild the ISAKMP header for the IKE fragment from scratch, but
    use the existing IKE header, with small changes.
    
    Retrieve the stored unfragmented IKE packet from st->st_tpacket not from
    st->st_suspended_md.
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit f70a8b95a38208a5056842212d95198bbc745302
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 7 00:21:06 2013 -0500

    * pluto: send_packet/send_frags mixed architecture/wire formats
    
    It was using sizeof(u_int32_t) instead of 4 octets for the RFC-3948
    Non-ESP Marker. So instead, define NON_ESP_MARKER_SIZE and use that.
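
The wire-format point made in the two commit messages above (aa6b33a and f70a8b9), as an added example that is not libreswan code: a UDP/4500 datagram is framed and classified using fixed octet counts and octet-by-octet big-endian reads, never sizeof() of a host type or struct. NON_ESP_MARKER_SIZE is the name from the commit; the function names, ISAKMP_HDR_SIZE, ISAKMP_LEN_OFFSET, the exact-length policy and the sample packet are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NON_ESP_MARKER_SIZE 4   /* RFC 3948: four zero octets, a wire constant */
#define ISAKMP_HDR_SIZE     28  /* example constant: IKE header octets on the wire */
#define ISAKMP_LEN_OFFSET   24  /* example constant: offset of the 4-octet length */

enum natt_kind { NATT_BAD, NATT_KEEPALIVE, NATT_ESP, NATT_IKE };

/* Big-endian accessors that touch one octet at a time, so the result does
 * not depend on host byte order, alignment or struct padding. */
static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24);
    p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);
    p[3] = (uint8_t)v;
}

/* Prefix an IKE message with the Non-ESP Marker.
 * Returns the number of octets written, or 0 if the input is too short
 * to be an IKE message or the output buffer is too small. */
static size_t natt_frame_ike(const uint8_t *ike, size_t ike_len,
                             uint8_t *out, size_t out_cap)
{
    if (ike_len < ISAKMP_HDR_SIZE || out_cap < NON_ESP_MARKER_SIZE ||
        ike_len > out_cap - NON_ESP_MARKER_SIZE)
        return 0;
    memset(out, 0, NON_ESP_MARKER_SIZE);
    memcpy(out + NON_ESP_MARKER_SIZE, ike, ike_len);
    return NON_ESP_MARKER_SIZE + ike_len;
}

/* Classify one datagram received on UDP/4500. On NATT_IKE, *ike and
 * *ike_len describe the IKE message that follows the marker. */
static enum natt_kind natt_classify(const uint8_t *d, size_t len,
                                    const uint8_t **ike, size_t *ike_len)
{
    static const uint8_t zero[NON_ESP_MARKER_SIZE] = { 0 };

    *ike = NULL;
    *ike_len = 0;
    if (len == 1 && d[0] == 0xFF)
        return NATT_KEEPALIVE;              /* RFC 3948 NAT-keepalive */
    if (len < NON_ESP_MARKER_SIZE)
        return NATT_BAD;
    if (memcmp(d, zero, NON_ESP_MARKER_SIZE) != 0)
        return NATT_ESP;                    /* non-zero SPI: UDP-encapsulated ESP */
    if (len - NON_ESP_MARKER_SIZE < ISAKMP_HDR_SIZE)
        return NATT_BAD;                    /* marker present, header incomplete */

    const uint8_t *hdr = d + NON_ESP_MARKER_SIZE;
    uint32_t declared = get_be32(hdr + ISAKMP_LEN_OFFSET);
    /* Policy of this example: the declared length must match exactly. */
    if (declared < ISAKMP_HDR_SIZE || declared != len - NON_ESP_MARKER_SIZE)
        return NATT_BAD;
    *ike = hdr;
    *ike_len = declared;
    return NATT_IKE;
}

/* Constructed sample (not a captured packet): an IKE header with a made-up
 * initiator cookie, followed by `body` zero octets. Returns total length. */
static size_t sample_ike(uint8_t *buf, size_t cap, size_t body)
{
    size_t total = ISAKMP_HDR_SIZE + body;

    if (total > cap)
        return 0;
    memset(buf, 0, total);
    memset(buf, 0xA5, 8);
    put_be32(buf + ISAKMP_LEN_OFFSET, (uint32_t)total);
    return total;
}

int main(void)
{
    uint8_t ike[64], dgram[64];
    const uint8_t *p;
    size_t plen;
    size_t n = sample_ike(ike, sizeof ike, 4);
    size_t m = natt_frame_ike(ike, n, dgram, sizeof dgram);

    printf("framed %zu octets, kind=%d\n", m,
           (int)natt_classify(dgram, m, &p, &plen));
    printf("truncated by one octet, kind=%d\n",
           (int)natt_classify(dgram, m - 1, &p, &plen));
    return 0;
}
```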

commit b109e580725f4e1f8b8fe070b80e12d2a529dab1
Merge: f350553 a4e9e16
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 6 23:12:23 2013 -0500

    Merge branch 'fragmentation' of vault.libreswan.fi:/srv/src/libreswan into fragmentation

commit a4e9e16e8a2d3fdf6fa6a4b1e2ad674447fe042e
Author: D. Hugh Redelmeier <hugh at redsquare.mimosa.com>
Date:   Wed Feb 6 23:10:04 2013 -0500

    * check for impossible buffer overflow

commit 562df17d161c4d27bce75b2bbb898daffac8e2c2
Author: D. Hugh Redelmeier <hugh at redsquare.mimosa.com>
Date:   Wed Feb 6 23:06:58 2013 -0500

    * remove unused variable "env" from lsw_conf_setdefault()

commit c0b6f35116123c66b58b07bfaf3d90da74a121ab
Merge: 3b03abe 076839a
Author: D. Hugh Redelmeier <hugh at redsquare.mimosa.com>
Date:   Wed Feb 6 22:26:14 2013 -0500

    Merge branch 'master' into fragmentation

commit f3505532c6bb6eb7242b451d4086966785714785
Merge: 3b03abe 076839a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 6 22:24:12 2013 -0500

    Merge branch 'master' into fragmentation

commit 076839aee85d4ba84950f69c933bfd60fa7ae6fc
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 6 22:21:11 2013 -0500

    * Somehow TAGFILES got deleted, breaking make tag

commit 9237371195c1227bd02abd417d9f10dd7a210ac4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 6 20:45:28 2013 -0500

    * disable x509 check in dotest.sh

commit a32ff76095b100f9c0fdd4e98a15803ffec30866
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 6 16:42:31 2013 -0500

    * pluto: remove unnecessary and incomplete check for msg.xauthby

commit 79a86c3ecf6b10c034164c7645392c6e0b1acf30
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 6 16:41:34 2013 -0500

    * whack: add labeled ipsec options to whack usage

commit 0d059db5cdb639d8f1869a70ab9ad5941b1c1a3f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 6 16:38:50 2013 -0500

    * pluto: Show labeled IPsec information in ipsec auto --status

commit a7966d0db6311022a69671b4cd46409f6d6f745d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Feb 4 22:44:05 2013 -0500

    * mtustr was capped at 8 chars, not 16
    
    As the compiler wisely told us:
    
    In function ‘snprintf’,
        inlined from ‘show_one_connection’ at /source/programs/pluto/connections.c:3458:10:
    /usr/include/bits/stdio2.h:65:3: warning: call to __builtin___snprintf_chk will always overflow destination buffer [enabled by default]
    
    This cannot be exploited other than by whoever can edit the local ipsec
    config, at which point you can already set leftupdown=/some/script that
    runs as root. Still, not good :/

commit abddae19625495f5de4d8a8e56cbd45ed9a96a22
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 6 16:31:51 2013 -0500

    * plutomain: factor out pluto_init_nss() in static function

commit 967e300896d74986b7d59a45f7f2481418814bd0
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 6 16:25:36 2013 -0500

    * X509: Allow CRLs to be on TLS/SSL resources
    
    We were initiating libcurl without SSL support.

commit 3b03abe786296f30d8e81128aac249a926d6be5f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 5 13:35:40 2013 -0500

    * describe IKE fragments better now we know the fields

commit 0042cc156e14712fa0da00d8ee716357765ee22e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 5 10:39:03 2013 -0500

    * send_frags can be static, fill in a little more of packet format.

commit 976ef3b1ee9430a107509a0a4f42f02596d1aa53
Merge: 3eeb304 f0dce92
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 5 10:31:10 2013 -0500

    Merge branch 'fragmentation' of vault.libreswan.fi:/srv/src/libreswan into fragmentation

commit f0dce92c26df14561bac81ab0e530fb6794fa5d9
Author: Wolfgang Nothdurft <wolfgang at linogate.de>
Date:   Tue Feb 5 15:11:32 2013 +0100

    * fragmentation: fix for libreswan <-> libreswan  interoperability
    
    When libreswan communicates with libreswan the ike fragmentation will
    not start, because SMF_RETRANSMIT_ON_DUPLICATE is not set in case of
    retransmission MAIN_I3.
    
    Only call send_frags when send_packet is called for ike fragmentation.

commit 3eeb3047634c586c8ca69e46c7676dc6382c679f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Feb 4 22:44:05 2013 -0500

    * mtustr was capped at 8 chars, not 16
    
    As the compiler wisely told us:
    
    In function ‘snprintf’,
        inlined from ‘show_one_connection’ at /source/programs/pluto/connections.c:3458:10:
    /usr/include/bits/stdio2.h:65:3: warning: call to __builtin___snprintf_chk will always overflow destination buffer [enabled by default]
    
    This cannot be exploited other than by whoever can edit the local ipsec
    config, at which point you can already set leftupdown=/some/script that
    runs as root. Still, not good :/

commit 7cf0ba6ab21d858145de298490bc298f78464767
Merge: e65eafa 8cae519
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Feb 4 20:21:28 2013 -0500

    Merge branch 'master' into fragmentation

commit 8cae51971c52925384f93c9a56b4ad765573b377
Author: Antony Antony <antony at phenome.org>
Date:   Tue Feb 5 02:44:49 2013 +0200

    *testing : basic-pluto-11 good output

commit 9fa23bcf910d2f4a6f5464bccd243713099b03bc
Author: Antony Antony <antony at phenome.org>
Date:   Tue Feb 5 02:38:38 2013 +0200

    *testing basic-pluto-01 fixes. need a bit more sanitizing. an output for reference

commit fb5d299c8eb1f0fac60477c6b0094a9ee6882c00
Author: Antony Antony <antony at phenome.org>
Date:   Tue Feb 5 02:34:32 2013 +0200

    *testing : use san-build and install

commit 7d5904abf3027db6af0924c0257e77a17f88d1de
Author: Antony Antony <antony at phenome.org>
Date:   Tue Feb 5 02:13:51 2013 +0200

    *testing : xauth-pluto-12 final.sh add shutdown

commit 63d97568110a4acfb6c5eb1e735f7bec87606b43
Author: Antony Antony <antony at phenome.org>
Date:   Tue Feb 5 02:12:17 2013 +0200

    *testing : fix auth-pluto-12 (almost, modecfg works. However, I see packet loss 1 packet?
    	   host-ping-sanitize.sed allow variable packets in and out

commit e244e7df64ed8b73ab43762ea2b2d1c2da9547aa
Author: root <pwouters at redhat.com>
Date:   Mon Feb 4 13:19:22 2013 -0500

    * updated changes

commit 361a04404523ce632018b359e04db0aef304e017
Author: root <pwouters at redhat.com>
Date:   Mon Feb 4 13:17:52 2013 -0500

    * starter: auto=route and auto=start only performed auto=add [Wolfgang]
    
    We only loaded the connections, we did not route or initiate these.
    This was previously done by the shell script _plutoload, which was
    obsoleted in libreswan 3.0

commit e65eafa3634d3bf8815390d712a919c2d65d27cf
Author: Wolfgang Nothdurft <wolfgang at linogate.de>
Date:   Mon Feb 4 16:41:02 2013 +0100

    * XAUTH: remove modecfg* from sa_policy_bit_names
    
    They were only removed from pluto_policy in commit c015d1a038546a5c32d9a36d16462d490108e254.

commit 8f1839f315211eb24fda3d6e86ae23082367b49c
Merge: 829065e b6f2854
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 2 15:59:06 2013 -0500

    Merge branch 'master' into fragmentation

commit b6f28549c2dea311ea80491993d50f17f4780bc8
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 2 15:58:06 2013 -0500

    * repair previous commit
    
    It is st->st_connection, not st

commit 829065e85e857f6d87c76e724ab2b8211ffe3b7c
Merge: bcaf1b7 c78e93e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 2 15:44:54 2013 -0500

    Merge branch 'master' into fragmentation

commit c78e93e7d9a2b3f25d5380af59015307cd532b2d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 2 15:44:21 2013 -0500

    * XAUTH: Only try to update resolveconf/restoreconf when XAUTH client

commit 86c1242a6440d751ae1c3d6dd114b0f73ecff4ec
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 2 01:58:03 2013 -0500

    updated changes

commit c015d1a038546a5c32d9a36d16462d490108e254
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 2 01:41:04 2013 -0500

    * XAUTH: modecfgdns* parameter was broken, modecfgwins* removed
    
    The modecfgdns1/modecfgdns2/modecfgwins1/modecfgwins2 were never
    properly working using libipsecconf. They only worked when you used
    whack directly.
    
    Someone (probably me) put these in as KSCF_MODECFG* instead of as
    KSF_MODECFG*, so the parser was looking for left/rightmodecfgdn1 etc.
    
    While fixing these, I removed support for XAUTH WINS, as that died a
    decade ago.
    
    We had defined POLICY_MODECFGDNS1 etc apparently as policy bits that
    would determine if we would send these options, but then they were
    never queried ever, so I removed them. It's quite obvious when you
    need to set these, namely if we are an xauthserver and modecfg_dns1=
    is set.
    
    libipsecconf got compiled without XAUTH because it was not being
    added to the CFLAGS when USE_XAUTH was set. So none of the parsing
    code was reading the code I wrote to read these options.
    (the only reason xauthby= ever worked was because it was _missing_
    an #ifdef XAUTH)
    
    Parsing of the modecfgdns1/modecfgdns2 keywords as kt_ipaddr also
    gave some problems because ipaddr processing was really only done
    for the left/right parts of the connection. The easier fix was to
    change these into kt_string, and when reading the struct starter_conn
    information into a struct whack_message, do the tnatoaddr() conversion.
    If the IP for this option is bogus, we ignore it and continue.
    
    modecfgwins1/modecfgwins2 is now kt_obsolete, and they were removed from
    whack, the xauth sending xauth attributes code and the man pages.
    
    The ipsec auto --status was updated to show the xauth information better:
    
    000 "test": 76.10.157.69<76.10.157.69>[+XS+S=C]...5.6.7.8<5.6.7.8>; unrouted; eroute owner: #0
    000 "test":     oriented; my_ip=unset; their_ip=unset;
    000 "test":     xauth info: my_xauthuser=pwouters; their_xauthuser=[any]; dns1:1.8.8.8, dns2:3.8.8.8;
    000 "test":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
    000 "test":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+IKEv2ALLOW+ModeCFGDNS1+ModeCFGWINS1;
    000 "test":   prio: 32,32; interface: virbr0; metric: 0, mtu: unset;
    000 "test":   dpd: action:clear; delay:0; timeout:0;
    000 "test":   newest ISAKMP SA: #0; newest IPsec SA: #0;
    000

commit 16548119c880df68971f382751d584e3a60f51a9
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 1 22:22:58 2013 -0500

    * libipsecconf: remove another leftover used for manual keying

commit c298aa30aa4bff596210f2f3b5364ae9d012eda9
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 1 11:41:35 2013 -0500

    * updated changes

commit 187cee68e25547102699afbe522eaf081261a017
Author: Matt Rogers <mrogers at redhat.com>
Date:   Fri Feb 1 11:38:59 2013 -0500

    * #53:  ipsec auto --status does not show phase2 parameters
    
    when using (unspecified) defaults
    
    Not specifying phase2alg= leaves c->alg_info_esp NULL so the rest of the
    information was being skipped, when c->alg_info_esp was only needed to
    determine the pfsgroup in whack_log. Relocating the pfsgroup determination
    outside of the whack_log functions will let us see the rest of the info
    even if the pfsgroup is unspecified.
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit b9994a9657f7b847cc66fb1ba6cf2f482c5d0542
Merge: 31645a3 8a2a75d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 1 11:14:09 2013 -0500

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit 8a2a75dbaeadc606e0f8c7bd53e193992734db98
Author: Antony Antony <antony at phenome.org>
Date:   Fri Feb 1 10:10:50 2013 +0200

    Revert "*debug: add debug lines in set_cur_state macro"
    
    This reverts commit 3b0d6c99385d8b97efc75e5be52231353fdf0652.

commit 31645a3f77a0d71855e14fa6c51fc6bffd720c85
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Jan 31 22:04:21 2013 -0500

    * fixed typo in log message

commit bcaf1b74b984ab831c1c47e102b8269925afd522
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Jan 31 14:48:03 2013 -0500

    * testing: updated testcase psk-pluto-01

commit 916d033154971eec2774913b70c5cf6b443e0bf7
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jan 30 22:39:03 2013 -0500

    * fragmentation: when we cannot access the md, pretend we sent it.
    
    That way, on the next retry we have access to st->st_suspended_md

commit f301123d377c3eb0252b31498466349d40c8dd87
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jan 30 22:33:50 2013 -0500

    * testing: added more x509-pluto-frag-0* tests
    
    x509-pluto-frag-00 is used to confirm filtering UDP fragments
    will cause problems. Both ends have ike_frag=no
    
    x509-pluto-frag-01 is using the default policy of ike_frag=yes that
    should send/receive ike fragments by both west and east.
    
    x509-pluto-frag-02 uses ike_frag=force on west and ike_frag=yes on
    east, so it should send out MAIN_I3 in fragments on the first go.
    
    x509-pluto-frag-04 has ike_frag=yes on west, and ike_frag=no on
    east, so west will not see the VID and should not send fragments.

commit c959ed4f730d22d6f05d15682c6e2315391eeba8
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jan 30 22:30:33 2013 -0500

    * testing: added more x509-pluto-frag-0* tests
    
    x509-pluto-frag-00 is used to confirm filtering UDP fragments
    will cause problems.
    
    x509-pluto-frag-01 is the default policy that should send/receive
    ike fragments
    
    x509-pluto-frag-02 uses ike_frag=force

commit 2cb636012906a02133e487d7456f7ff8b8b71675
Merge: d53aaa1 4dd3f22
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jan 30 10:50:01 2013 -0500

    Merge branch 'master' into fragmentation

commit 4dd3f22621e839a668520829fb682a13eb0b8f28
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jan 30 10:48:32 2013 -0500

    * nat-t: add DBG_NATT debug line before send_packet()
    
    because send_packet is called with verbose FALSE

commit 7ba8d8e15f10d8c36bdd890873e9161dc9c6cb0d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jan 30 10:46:21 2013 -0500

    * pluto: log ikev2-responder-retransmit in send_packet like IKEv1

commit d53aaa18c97c8284983d3502abc35ec5ac6c8bfe
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jan 30 10:48:32 2013 -0500

    * nat-t: add DBG_NATT debug line before send_packet()
    
    because send_packet is called with verbose FALSE

commit 9ca9fabee9101d9650338ed71d057683e320b44f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jan 30 10:46:21 2013 -0500

    * pluto: log ikev2-responder-retransmit in send_packet like IKEv1

commit 148db9aeaa77d6b4b06b1593faa7756847adf677
Author: Wolfgang Nothdurft <wolfgang at linogate.de>
Date:   Wed Jan 30 13:59:04 2013 +0100

    removed unneeded debug log entry

commit db441734c920eb0fb2fd1d728abb4dc2a1a181f7
Author: Wolfgang Nothdurft <wolfgang at linogate.de>
Date:   Wed Jan 30 13:55:03 2013 +0100

    - also send VID_IKE_FRAGMENTATION when we are the responder
    - increasing numvitosend must be done before adding the first vendorid, otherwise it never adds the rest
      (alternative put the always sent dpd vendorid at the end and set next=ISAKMP_NEXT_VID on all vendorids before)

commit a6950dc2f22b8db605514ddab40251eab0205acc
Author: Wolfgang Nothdurft <wolfgang at linogate.de>
Date:   Wed Jan 30 13:49:16 2013 +0100

    removed duplicate ike fragmentation vendor id, racoon called it broken Microsoft ID: FRAGMENTATION

commit fc4d8a23d3e604b9804d5ffd24423e19611b8cab
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 29 23:53:58 2013 -0500

    * testing: x509-pluto-frag-01 test case

commit ef813c5bf39f2e778b105e0ce8923a009af56036
Merge: 19c89df 347eb50
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 29 23:49:14 2013 -0500

    Merge branch 'master' into fragmentation

commit 347eb5024267bb6b32289e5b547aa4e209d6a7d1
Merge: b0b75ac 140d85a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 29 23:48:55 2013 -0500

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit b0b75ace1bca3b3274b2956235a57a4e5e238a88
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 29 23:48:34 2013 -0500

    * testing: add fragmentation test to list

commit 140d85a0ea607c1e39d82573f493984c98191bcb
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 29 15:58:54 2013 -0500

    * pluto: Don't print empty XAUTHuser value in IPsec established

commit 08a719c28180371b051034751f3a3ec18fa7cb01
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 29 14:27:24 2013 -0500

    * testing: x509-pluto-01 was missing secrets files to load cert keys

commit 82fbbebbe2cb7355286fee1d5449dea921a653f8
Merge: 49cb8a8 02418cc
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 29 14:00:56 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 49cb8a8869fd6a3d8deceaebc99c908ddc9b78de
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 29 14:00:29 2013 -0500

    * testing: add missing config files for x509-pluto-01

commit 19c89dfcd2ae43f0f88b649ca5576afbd19f7ca0
Author: Copyright (C) 2013 Wolfgang Nothdurft <wolfgang at linogate.de>
Date:   Tue Jan 29 13:40:09 2013 -0500

    * IKEv1: Support for sending IKE fragments
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit 02418ccfaea8c1cf86af890fb01200e467bf342c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 29 00:04:08 2013 -0500

    * WIP: testing:  started to merge testing/libvirt/install.sh into Makefile
    
    - So we can call it using "make check".
    - testing/utils/lswan-check is using the libvirt python module
    - testing/utils/virtinstall-base is broken off into a shell script for better
      (unbuffered) viewing
    - networks and vms slightly removed to make python code easier
    - Only add networks/vms not already in existence (unless --force)

commit 91e0e001530a485cf61bd9afd5f580bf6f0c208a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 23:42:13 2013 -0500

    * testing: Added generated testing/x509/* content to .gitignore

commit 39bcf9919ac3537ff76107f77045b19279cda2b5
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 23:39:49 2013 -0500

    * testing: dotest.sh aborts when dist_certs has not been run

commit 072ab86c96187dd8a8d151ea44c4bf41b449561a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 23:36:12 2013 -0500

    * testing: swan-prep Load the other side's public certificate
    
    On east,west and road we import the public cert of the other two
    machines. This ensures we can run leftcert=XXX and rightcert=XXX
    for the X509 tests that do not use the CA.

commit 11d07dfcaf7833859bbb1337bbb80adb88ebf221
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 23:06:09 2013 -0500

    * pluto: don't try to load non-existing AA certs
    
    This removes an error from startup:
    
    Could not change to directory '/etc/ipsec.d/aacerts': No such file or directory

commit 3406966c3f21e2a591696f4eccdb64543b47d36e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 22:55:40 2013 -0500

    * testing: dist_certs was not generating PKCS#12 files for special cases

commit b406ac60d903cab951d53945a2a87201d669c0ca
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 22:54:35 2013 -0500

    * testing: swan-prep fixes
    
    - Import certs from /testing/x509/pkcs12/mainca/
    - Convert pidof string to int for os.kill()

commit a0d60b6756c48a6ed1fd5b640b1f5d7aa7a38955
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 22:53:39 2013 -0500

    * ipsec look: display NSS certificates

commit b02f2fb8d38f8d2533523061b8575fd4862dd339
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 22:27:06 2013 -0500

    * testing: dist_certs  Fix PKCS#12 generation, work with any cwd
    
    - pushd / popd into the directory containing dist_certs so it can
      be run from anywhere.
    - The CA friendly name apparently cannot contain spaces or openssl pkcs12
      just fails with a usage error.

commit c06224afd4f28c5f8639e56ca94f272ea05121b7
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 22:19:40 2013 -0500

    * testing: runkvm.py support for --x509
    
    Read testparams.sh to see if X509=yes, if so pass --x509 to swan-prep

commit ebf7be3be679acc2dd6a76e9e8b4425e46e97de7
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 22:16:45 2013 -0500

    * testing: fixes to dotest.sh
    
    - Typo fix for LIBRESWANDIR
    - Use the presence or absence of *run.sh to determine INITOATOR
      (and not *init.sh because responders have an init.sh file too)
    - Set the testname based on the pwd of the test using basename()

commit 754d12d3b40c97f34f5a9c3386efd1adf567ebcd
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 22:13:58 2013 -0500

    * testing: CA rename and no longer copy generated files into testing/baseconfig/
    
    We now read the files from testing/x509/* so they don't get into git
    
    dist_certs now calls the main CA "mainca" instead of "ca", as the Friendly
    Name of the CA was "ca" which was getting confusing, especially because
    the country is also ca.

commit 844a92b21baed175466336a9ab4821dfe52f03eb
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 22:13:15 2013 -0500

    * testing: updated x509-pluto-01

commit 86488332c58e7d68f46414eee7cb5f9a3b6a97ae
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 22:10:02 2013 -0500

    * testing: swan-prep functionality extended
    
    - kill all IKE daemons (strongswan, racoon, shrewsoft as well as pluto)
    - unload NETKEY and KLIPS stacks using _stackmanager stop
    
    The above no longer needs to be in the individual test case *init.sh files.
    
    - added --x509 option to force adding x509 certs into NSS
    - testparams.sh is checked for X509=yes and if so certs are added to NSS

commit 163a8c36707a282c2eb0ba20e38157044cfb4f59
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 17:53:55 2013 -0500

    * testing: cleanup X509 generation and output

commit b78c10ed3dc0b718b50766578a4ab613e5a372f2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 11:40:33 2013 -0500

    * put find_ifaces() back to where the testcases think it should be

commit bd04be397fbfb4c7049919121833e8a4e61df039
Merge: 6dd4196 b47b6c9
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Jan 26 19:51:02 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 6dd419682c44117fc5dc4cb83b73659da9393d4e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Jan 26 19:14:20 2013 -0500

    * testing: two configurations to compile pluto for testing
    
    minimal: disable everything but NETKEY
    everything: enable everything except taproom and dmalloc

commit b47b6c97f7a11ff73f6f77bb0dece52bec0f9ac1
Merge: 6969ded 48cb493
Author: Antony Antony <antony at phenome.org>
Date:   Sun Jan 27 02:13:29 2013 +0200

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 6969ded5e123f1dcf56ac4ceee74db729e05bbe1
Author: Antony Antony <antony at phenome.org>
Date:   Sun Jan 27 02:12:50 2013 +0200

    * testing: cleanup test basic-pluto-11 good

commit 4fa3a57ece83dfefa57543bb4123b84c388add7b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Jan 26 19:11:43 2013 -0500

    * taproom: minor fixes to taproom
    
    Fixed some missing "goto" statements for taproom. Ifdef'ed the
    TCL calls in IKEv2 as they have never been tested or run (taproom
    predates ikev2) - but programs/pluto/tpm/ needs to be fixed or
    removed. (I think removal is best - code hasn't compiled or run
    since about 2007, no one uses it)

commit 562a433a4719b4f556ba0e201f84980d656d60d8
Author: Antony Antony <antony at phenome.org>
Date:   Sun Jan 27 02:10:41 2013 +0200

    * testing: ping-sanitize.sed fix

commit 7e10c81840750c3a76b209e401a9a029ad069c83
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Jan 26 18:53:51 2013 -0500

    * XAUTH: missing ifdef's around two blocks dealing with XAUTH

commit 48cb493736a9672d3c96cf1a74eeb6a17d5c7c94
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Jan 26 18:35:51 2013 -0500

    * testing: runkvm.py aborts on all missing python modules now

commit 5c336c8c3620e8e72ad26bfdfb0f3b34caf609c7
Merge: 1bd333a 9ac4101
Author: Antony Antony <antony at phenome.org>
Date:   Sat Jan 26 22:13:25 2013 +0200

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 9ac4101fe819d73dac1097bf88396452dd2169ee
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 26 11:59:20 2013 -0500

    * status: slight change in output of ipsec auto --status
    
    We used to only display metric and mtu when one of these were set.
    We now always display these. The prio and interface were moved on
    their own line with metric and mtu. This gives us more space for
    our ever increasing list of POLICY bits to be displayed.
    
    old:
    000 "redhat":   policy: PSK+ENCRYPT+TUNNEL+PFS+DONTREKEY+XAUTH+AGGRESSIVE+IKEv2ALLOW+IKE_FRAG; prio: 32,32; interface: virbr0;
    
    new:
    
    000 "redhat":   policy: PSK+ENCRYPT+TUNNEL+PFS+DONTREKEY+XAUTH+AGGRESSIVE+IKEv2ALLOW+IKE_FRAG;
    000 "redhat":   prio: 32,32; interface: virbr0; metric:0, mtu:unset;
    
    For OE, the DNS policies (+lKOD and +rKOD) are added to the policy line, but after the ";"
    to avoid the confusion of thinking these are c->policy bits.

commit c4b8b3dd170f7b80458be857dfa8d18c24971af0
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 26 11:56:45 2013 -0500

    * libipsecconf: Do not set key_from_DNS_on_demand = TRUE per default
    
    For RSA connections, the OE settings turn this to TRUE if OE was
    used, and false otherwise. However, for PSK connections this was left
    at TRUE as well. Although it caused no harm it could confusingly
    state "+lKOD+rKOD" in the policy for PSK connections.

commit a769227f37e8c320a3276e311aeb2b4c58b2abd2
Merge: 9ea8310 3b0d6c9
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 26 11:04:50 2013 -0500

    Merge branch 'fragmentation' of vault.foobar.fi:/srv/src/libreswan into fragmentation

commit 3b0d6c99385d8b97efc75e5be52231353fdf0652
Author: Antony Antony <antony at phenome.org>
Date:   Fri Jan 25 14:59:46 2013 +0100

    *debug: add debug lines in set_cur_state macro

commit 84172f1a521f778f72f69bb0f4e1ed83409b18d5
Author: Antony Antony <antony at phenome.org>
Date:   Fri Jan 25 14:59:05 2013 +0100

    *plutodebug: add debug lines to debug racoon MODECFG situations

commit 93454a6630726e35df3f57c80b798e4e957bce2a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jan 23 21:00:12 2013 -0500

    * ike frags: Only log for controlmore, define MAX_IKE_FRAGMENTS 16

commit 5b7a8c3b8868be619742362c02b81820ecb2b203
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jan 23 20:58:52 2013 -0500

    * ipsec: Add "ipsec start|stop|restart" as aliases to "ipsec setup"

commit 9ea831051e3aa50b3a8a23bf36ac6aa028d725e7
Merge: b29ddb4 6d27b65
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jan 23 17:11:46 2013 -0500

    Merge branch 'master' into fragmentation

commit 1bd333af35fe20cef79d6093224c9c8f4a3d258d
Author: Antony Antony <antony at phenome.org>
Date:   Wed Jan 23 21:54:39 2013 +0200

    *testing forgot to commit with xauth-pluto-12

commit 6d27b6565b8c2cd9cc182630e166c10ca3b048d6
Merge: 16c37ae 9046a7d
Author: Antony Antony <antony at phenome.org>
Date:   Wed Jan 23 21:05:57 2013 +0200

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 16c37ae41b54d8284ac723fa5663668a30d03316
Author: Antony Antony <antony at phenome.org>
Date:   Wed Jan 23 21:05:06 2013 +0200

    *testing: to sanitize manually sanitize.sh . run from the test dir

commit ae81539a050ed110aa909eb3844e96e873c2562c
Author: Antony Antony <antony at phenome.org>
Date:   Wed Jan 23 21:03:55 2013 +0200

    *testing: known good output for xauth-pluto-12

commit 9046a7d3fc9d56760d0edc01d5f6c0f6e2543336
Author: Kim B. Heino <b at bbbs.net>
Date:   Wed Jan 23 14:32:10 2013 +0200

    dist_certs: fix expect to wait until spawned child returns
    
    Previous version waited for nothing and then killed the child, resulting in
    empty certificates. This fixed version waits until child returns, or
    maximum of 10 seconds. Use "set timeout 60" if you need bigger timeout.

commit e919be630dc412afd249446d76ab183f7410485f
Author: Kim B. Heino <b at bbbs.net>
Date:   Wed Jan 23 14:27:30 2013 +0200

    dist_certs: it's not year 2011 anymore, fix future date calculation

commit 304ff5b77f44d17d1b725482040e863e119838bd
Author: Kim B. Heino <b at bbbs.net>
Date:   Wed Jan 23 14:19:00 2013 +0200

    dist_certs: remove trailing whitespaces

commit 7b7f32f107497dc938c53627e2981442f1d0fd8d
Author: Antony Antony <antony at phenome.org>
Date:   Wed Jan 23 01:12:18 2013 +0200

    *testing: more fixes to sanitizers timezone and kernel messages

commit 0f757eb3f0971fcc2270005dbe4e33b0559bf32f
Author: Antony Antony <antony at phenome.org>
Date:   Tue Jan 22 20:42:57 2013 +0200

    *testing: change output file names

commit fe27d8b9e002bf453ffb738ad4642d135501a528
Author: Antony Antony <antony at phenome.org>
Date:   Tue Jan 22 20:41:50 2013 +0200

    *testing: good output for psk-pluto-01

commit 0840c0c27b225cfbff37613668214fba2947b2d5
Author: Antony Antony <antony at phenome.org>
Date:   Tue Jan 22 20:38:55 2013 +0200

    *testing: rename output files

commit 6a891802852671fe19203122adc010a2d9b30831
Author: Antony Antony <antony at phenome.org>
Date:   Tue Jan 22 17:29:01 2013 +0200

    *testing: fixing psk-pluto-01 for sanitizing

commit fc84a75fd7fdeb2f61585cd42ebae25a49133493
Author: Antony Antony <antony at phenome.org>
Date:   Tue Jan 22 17:28:01 2013 +0200

    *testing: consolediff sanitizer after a run

commit db9d010c01c16a7871e507f59b262647deb1c009
Author: Antony Antony <antony at phenome.org>
Date:   Tue Jan 22 17:26:34 2013 +0200

    *testing: update sanitizer to cope with kvm

commit b29ddb46a32acee5523a806f9c3dcde476aa7dad
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 21 23:54:25 2013 -0500

    * updated changes

commit b9d8758fc681b317e92bcce49e5956a6d0e6902f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 21 23:23:21 2013 -0500

    * testing: added interop-racoon-iphone5-nonat
    
    This test, once completed, will test interop with iphone5's racoon
    using the Apple default of ike_frag force; on the racoon side.

commit 88e33b64be8a5c439d51ac75f5a243bbabf989e4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 21 23:16:36 2013 -0500

    * IKEv1: Support for receiving IKEv1 fragments (not RFC)
    
    added support for incoming fragmented ike packets to solve iOS6 (iphone)
    problems. This is often the case when large X.509 certificates are used.
    
    Some third-party vendor devices, such as firewalls configured for stateful
    packet inspection, do not permit the passthrough of User Datagram Protocol
    (UDP) fragments in case they are part of a fragmentation attack. If
    fragments are not passed through, Internet Key Exchange (IKE) negotiation
    fails because the intended responder for the virtual private network (VPN)
    tunnel cannot reconstruct the IKE packet and proceed with establishment
    of the tunnel.
    
    This feature provides for the fragmentation of large IKE packets into a series
    of smaller IKE packets to avoid fragmentation at the UDP layer.
    
    This feature provides support for Cisco IOS in terms of being a responder in an
    IKEv1 main mode exchange.
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit 326d7fa345c73eae94041c2db634290688153ffe
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 21 22:54:06 2013 -0500

    * pluto: Add support for ike_frag=yes|no|force keyword
    
    This adds the option to the parser, along with two policy flags
    POLICY_IKE_FRAG_ALLOW and POLICY_IKE_FRAG_FORCE
    
    We send the fragmentation vendorid except when ike_frag=no
    
    Processing of fragments and sending of fragments are not yet
    implemented with this commit.
    
    VID_MISC_FRAGMENTATION renamed to VID_IKE_FRAGMENTATION

commit 4e78b421379a9c34f78a015b328395230c199374
Merge: de2f1f5 a38479b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 21 22:18:01 2013 -0500

    Merge branch 'master' into fragmentation

commit a38479b931dcf4b000a3ba7fe0ead353c9978e17
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 21 22:10:32 2013 -0500

    * libipsecconf: policy misuse due to type change from int to lset_t
    
    Some code is still using policy as if it was an int, but it is an lset_t.
    This would cause problems for every policy bit > 31, which up to now was
    only the SAref tracking policy bits:
    
      POLICY_SAREF_TRACK    = LELEM(32), /* Saref tracking via _updown */
      POLICY_SAREF_TRACK_CONNTRACK    = LELEM(33), /* use conntrack optimization */
    
    But I will be adding the IKE fragmentation policy flags, so this
    became an issue in confwrite.c.
    
    The assumption that c->policy is of type int is probably all over the
    code and needs a thorough review.

commit 777f76e74487c7446290fbdaab7387e4397a54eb
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 21 22:04:23 2013 -0500

    * whack: C is not python - cannot do switch() over non-int

commit 6593c9c9a68ececaf7d1ebda1a8163e1c7ac0576
Merge: c330b64 22da35c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 21 21:55:35 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 22da35cb1df8b2c6b49af881fa7251a89d054fa5
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jan 21 20:56:08 2013 -0500

    * XAUTH: expose xauthby=alwaysok to "ipsec whack"
    
    ipsec whack  [...] --xauthby XXX did not yet support "alwaysok"

commit c330b64f19235d511d65f8f9703ce62174dfd9d3
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 21 18:16:13 2013 -0500

    * clarify a break statement with a comment

commit de2f1f5dc3d6ef9dccb3fdffad976a115b9b9f0d
Merge: 7c3ba62 32dc901
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 21 17:14:43 2013 -0500

    Merge branch 'master' into fragmentation

commit 32dc9011475009f7731f1ba405e91f7554a08ed5
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jan 21 14:49:42 2013 -0500

    * man page: added note on systemd to plutorestartoncrash=

commit 83e5a088d5437b971fd4293151cb326b89894177
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jan 21 14:33:09 2013 -0500

    * pluto: Do not attempt to open a logfile if none is configured

commit 953da179c961aa1e77c7439affaba1a5b24337bd
Merge: 608d435 18eb872
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jan 21 14:12:40 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 608d435ce5f39403d7f0182b7f0310a2d77dc3b1
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jan 21 14:11:26 2013 -0500

    * testing: net.ipv4.conf.eth0.rp_filter was missing from sysctl.conf
    
    We disabled rp_filter in testing/baseconfigs/all/sysctl.conf for
    all but eth0.

commit 18eb872e6d64256d3a4b5002912529195ce063a8
Author: Antony Antony <antony at phenome.org>
Date:   Mon Jan 21 02:44:53 2013 +0200

    *testing: cleanup basic-pluto-01 to run final.sh

commit fe757536dfffd05cf69f95a0c4363ba47671080b
Author: Antony Antony <antony at phenome.org>
Date:   Mon Jan 21 02:43:32 2013 +0200

    *testing: run final.sh

commit 0f36fe2f89faca0c3b65c35dc842206e4fa85f2c
Author: Antony Antony <antony at phenome.org>
Date:   Mon Jan 21 01:03:29 2013 +0200

    *testing: paul's changes ping sanitizer

commit 4f5186a00e8bb5780ea5b478de44896002f93529
Author: Antony Antony <antony at phenome.org>
Date:   Mon Jan 21 01:01:42 2013 +0200

    *testing: don't send empty lines from *init and *run

commit 6c98431c9e94c141d926d6c85bb7ca701fb5bdc0
Merge: a5668a4 3ed96dc
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 20 12:26:53 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit a5668a45b2778ac9050996db427a739490731227
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 20 12:25:17 2013 -0500

    * updated changes

commit cf4343357b22a484c1f441eddebe6bd5d786340f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 20 12:24:24 2013 -0500

    * addconn: If no protostack= is configured, return "netkey" as default

commit 3ed96dcb3030905c4109c7da5042a5e0cc46b3d8
Merge: cb2ffa7 1001e39
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 19 18:40:47 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit cb2ffa7ee4b04f602889f5c0f88770985c3b04ae
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 19 18:36:01 2013 -0500

    * pluto: show orientation with ipsec auto --status
    
    When a connection is not oriented, the display of such a connection
    in ipsec auto --status is 'undefined'. One side is called "left" without
    any real proof. As such, one could not see the difference between a
    properly oriented connection, and an unoriented connection that just
    happened to look the same. This adds an entry to the output that will
    state "oriented" or "unoriented", eg:
    
    000 "redhat": 76.10.157.69[@RH-standard,+MC+XC+S=C]---76.10.157.65...66.187.233.55<vpn-rdu.redhat.com>[MS+XS+S=C]; unrouted; eroute owner: #0
    000 "redhat":     oriented; myip=unset; hisip=unset;
    000 "redhat":     xauth info: myxauthuser=pwouters;
    000 "redhat":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; sha2_truncbug: yes
    000 "redhat":   policy: PSK+ENCRYPT+TUNNEL+PFS+DONTREKEY+XAUTH+AGGRESSIVE+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 32,32; interface: virbr0;
    000 "redhat":   dpd: action:hold; delay:30; timeout:60;

commit 1001e39467063126362df7f869f60e9bf870b618
Merge: 49edd0c de7c4a4
Author: Antony Antony <antony at phenome.org>
Date:   Fri Jan 18 16:00:28 2013 +0200

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 49edd0c0f097881e71369a392855fb8b437d110a
Author: Antony Antony <antony at phenome.org>
Date:   Fri Jan 18 15:59:39 2013 +0200

    * testing:  use stty --echo in runkvm.py

commit de7c4a4ce86f4b730dad94b1fd7d63a63eb04f38
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jan 17 17:45:59 2013 -0500

    * manual: Remove last remnants of manual keying from man pages

commit 7c3ba626f9fee80e08ecdc28f226b4445acb79a6
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jan 16 13:22:13 2013 -0500

    * IKE: Add cisco IKE fragmentation next payload pointer
    
    This also renames the NAT draft payloads in their proper name,
    and clarifies the 'relocation' comment, which is really about
    the payload number change between draft (130,131) and RFC-3947 (20,21)

commit 3930ef11a43baf3b765c87c19580452bc3e3e32f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jan 16 11:26:30 2013 -0500

    * updated man page for compress= and regenerated it

commit 8cecd371007e9c5d8c9df5ccd7909e9ff282e576
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jan 16 11:16:00 2013 -0500

    updated changes

commit 7cf80a87d4d7f1e13ce0bff7d855f7707b3ca863
Author: Matt Rogers <mrogers at redhat.com>
Date:   Wed Jan 16 11:13:30 2013 -0500

    * #8 honour compress=no option
    
    Due to increased security concerns of mixing compression with encryption, in
    light of the BEAST-like attacks, we no longer always accept ipcomp as we
    did before. It needs to be explicitly set using compress=yes
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit f3a57a1ab4bd66bbb6df0198ee1e750e9b6cb82e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 15 23:22:16 2013 -0500

    * Missed a KLIPS -> KLIPS24 reference in make output

commit a6610e143bfe94aa79258ba59cbdbbc5cff7f09d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 15 23:21:49 2013 -0500

    * updated changes

commit 635ad927c648a2a26c79d4df6eb306e66f29f4cd
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 15 23:17:34 2013 -0500

    * XAUTH: Added xauthby=alwaysok option
    
    Setting xauthby to alwaysok causes the XAUTH authentication to always succeed.
    This is useful to support clients that require XAUTH, but for which no real
    XAUTH usernames/passwords are provisioned. This is valid for some certificate
    based deployments of devices.
    
    The static function do_md5_authentication() got renamed to do_file_authentication(),
    because it is using the crypt() call, which supports more than just MD5.
    
    The man page has been updated to reflect this, and also adds a note about MD5 not
    being available in FIPS mode.
    
    A separate bug has been opened for a feature to set the xauth password file name,
    instead of hardcoding it to /etc/ipsec.d/passwd.

commit f0f95e1465ac65a3b97794e3adc0cd806060ff6b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 15 21:59:45 2013 -0500

    * KLIPS: makefile switch some more "26" vs "24" strings
    
    module26.make -> module.make
    module.make -> module24.make
    
    There are still some occurrences of "26" left (which are misleading because
    it is really "2.6 and higher").
    
    While we need packaging/makefiles/module.defs I don't think it is actually used,
    because per default we use MODULE_DEF_INCLUDE=[..]/packaging/linus/config-all.h
    (perhaps with make kpatch?)

commit 27ff91db99fb969f9418ed5473bc449865dc4abe
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 15 21:57:51 2013 -0500

    * enable cryptoapi in packaging/makefiles/module.defs

commit 529779a83462a4d52f630bc214de58618d6df4f3
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 14 17:47:18 2013 -0500

    updated changes

commit 1565fdc5c9c4963a0a052fac86d961bd38d34c42
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 14 17:46:29 2013 -0500

    * pluto: log XAUTHusername in the "established IPsec SA" line
    
    i.e.:
    
    004 "redhat" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x7aacc5fa <0xa46a8a1f xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=none XAUTHuser=pwouters}

commit 5f188f90317d0275e0136527f68b9db40f686126
Merge: 62661d8 fe5a7bf
Author: Antony Antony <antony at phenome.org>
Date:   Mon Jan 14 22:06:40 2013 +0000

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit 62661d8be946f3087f8348d32b7470a21a17ce11
Author: Antony Antony <antony at phenome.org>
Date:   Mon Jan 14 22:05:02 2013 +0000

    *testing: TERM=dumb expect get less ANSI escape characters

commit fe5a7bf9eeeb96aeb2bfe3ca38b1f2dc66902bb5
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jan 14 15:48:45 2013 -0500

    * testing: fix calls to swanprep to swan-prep

commit 051efa54ee0a3543a5308943a35c213ab001ea38
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jan 14 15:29:26 2013 -0500

    * testing: missed swan-update softlink in /usr/bin/

commit b8410d2cb81c1e2ff841c47a08c91aa385a5ddf7
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jan 14 15:20:37 2013 -0500

    * testing: softlink swan-* binaries in /usr/bin/ to avoid PATH issues
    
    also rename all to be consistent with "swan-" prefix.

commit f5868559d64579649586dccda85a49267d0d758c
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jan 14 15:20:10 2013 -0500

    * testing: swan-prep should first copy in baseconfigs then specific test files

commit 83bf302d261300dd7d2b7a0aeb31d41fb3e2eb10
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jan 14 15:18:52 2013 -0500

    * testing: swan-install support for disabled service and selinux
    
    - disable systemd from restarting pluto on crash
    - restorecon /usr/local

commit 6b4074e986f36170073f8223fc326a50d8552c07
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jan 14 15:17:55 2013 -0500

    * testing: swan-build deletes modobj* as well as OBJ.*

commit 64eec39b92b0d83dc22ede07b03f300094b92e11
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jan 14 14:58:11 2013 -0500

    * systemd: Added RestartPreventExitStatus= line to ipserv.service file
    
    Added a commented line:
    
    This mimics the old openswan _plutorun script that read
    plutorestartoncrash=no and if set, would not restart pluto when its exit
    code was 137 (term) or 143 (kill)
    
    This is not the default, because if we crash, we _do_ want to
    get restarted.

commit e3a8d972f80124dde4b31ee87331b882f98b693d
Author: Antony Antony <antony at phenome.org>
Date:   Mon Jan 14 17:48:29 2013 +0000

    *testing: start nic if there nicinit. reboot before init.

commit 2430ea35fe155418d3442b304ca4e1bd86e15644
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Jan 13 14:11:00 2013 -0500

    * testing: Added testcases netkey-psk-vhost-0[1..4]
    
    These test cases investigate the behaviour of subnet=vhost:%no,%priv
    versus subnet=%vhost:%priv,%no with and without NAT on nic.
    
    They also use a virtual_private=%v4:!192.0.2.0/24,%v4:192.0.0.0/8
    which should NOT cause rejection.

commit a11921e1158b1199b3d9ebf3d63d3a94de0eef0e
Merge: ed88209 7376fee
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Jan 13 12:15:10 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit ed8820992b3a8e3be3a46b789ab82b06a9b602a0
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Jan 13 12:14:42 2013 -0500

    * testing: added netkey-psk-pluto-06

commit 7376feedbe157f783ae9a9af8241439ffbd7f2a4
Merge: f720c79 7c9d8c5
Author: Antony Antony <antony at phenome.org>
Date:   Sun Jan 13 17:37:48 2013 +0100

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit 7c9d8c5c7eaa47aae821991a1e6b507291283be1
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Sun Jan 13 14:36:52 2013 +0100

    Adding EOL when an EOF at EOL

commit f720c7923846d926e37aaa61f85e7e71ee4042b3
Author: Antony Antony <antony at phenome.org>
Date:   Sun Jan 13 13:56:02 2013 +0100

    *testing: road need 192.1.3.254 as nameserver

commit c7b217ffb4d1409a9cbbe1393a9b96b1b3d78b96
Author: Antony Antony <antony at phenome.org>
Date:   Sun Jan 13 13:54:48 2013 +0100

    *testing: runkvm.py namespace collision.

commit a4eb285b0d2f7f59c36b2f7fac8fc85ebc6ef93c
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Sun Jan 13 04:11:11 2013 +0100

    find_ifaces() call moved from rcv_whack.c to server.c - Reason : for my roadwarrior test to work

commit a9037fbf620029f1989150985f54ff37454afe2b
Merge: 988551c 3660560
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Sun Jan 13 03:21:32 2013 +0100

    Merge branch 'master' of vault.libreswan.org:/srv/src/libreswan
    
    Conflicts:
    	lib/libipsecconf/parser.l
    	lib/libipsecconf/parser.y
    	programs/pluto/rcv_whack.c

commit 988551cded876cd20eb2733df82e92424baeaa47
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Sun Jan 13 03:14:59 2013 +0100

    Fixed up (not found) printf when addconn --verbose

commit 02a0d794787d6a526ca23436ffb644f6b18965f3
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Sun Jan 13 03:12:34 2013 +0100

    find_ifaces() call moved from rcv_whack.c to server.c - Reason : for my roadwarrior test to work

commit 8ce117a706cfa4b1cfc3884f583fc26fada3df22
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Sun Jan 13 03:08:35 2013 +0100

    Adding EOL when an EOF at EOL

commit 36605602d4681ec6343128d66d92f834f5338ad9
Author: Antony Antony <antony at phenome.org>
Date:   Sat Jan 12 22:27:07 2013 +0000

    *testing fix test cases. support running rw tests

commit 5bfd3b7623bf0d70fe3d7c0433a95e9ff161a33b
Author: Antony Antony <antony at phenome.org>
Date:   Sat Jan 12 21:56:51 2013 +0100

    *testing: improve runkvm.py compile and install options

commit 4b409089bbe9b64bd0fdf4372612d642b83fc447
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 12 14:49:24 2013 -0500

    updated changes

commit 06e49a26ff8ef1b03ba0e8fb5a87d9bd1072f539
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 12 14:44:05 2013 -0500

    * libipsecconf: Improved missing EOL bug in parser.
    
    This fix by Philippe improves the parser, so it no longer requires
    read-write access to the file for parsing which was introduced in
    the previous fix to avoid a segfault when parsing a file with no EOL
    on the last line.
    
    This was tested with pluto, addconn and readwriteconf, including the
    relevant tests in itesting/scripts/readwrite*

commit 2bb6aca0e056db0bb5375eb0ff72c80c272c22ed
Merge: 45ac59f 4f1fa2c
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 12 14:37:45 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 4f1fa2cf06beb9d418e1a17c8417178990c30ebb
Merge: 9e11cd7 f9b1bef
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 12 14:33:19 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 9e11cd71ab6e16bf2875d1b18fc122c69b93b4da
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 12 14:31:12 2013 -0500

    * pluto: move call to find_ifaces()
    
    This implements Philippe's resolution for correct connection loading
    at startup with the changed timing as a result of the new addconn
    thread that pluto starts to load the connections that used to be
    loaded using the _plutoload script started separately.

commit 45ac59f254de1d74eb4ec535af9375d9104d0ad1
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jan 10 20:53:07 2013 -0500

    * testing: testcase readwriteconf-26 has no neol.conf

commit f9b1bef31d65c4c9d02d15aef7b7ff9006e6e85a
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Thu Jan 10 22:22:15 2013 +0100

    addconn doesn't exit on EOF at EOL

commit 7fb81cf80b14b502181af27eb68547c83bed960d
Merge: e91c6a6 5eb2b6f
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jan 9 16:16:50 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit e91c6a6f028ca4c80c08f4282d0693699c76bcb2
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jan 9 16:14:05 2013 -0500

    * testing: added iphone 4s racoon config within testing framework
    
    This test is incomplete. But contains the racoon config extracted
    from an iphone 4s. It is likely modified for using the apple keychain
    to obtain certificates, so we will need to use the stock racoon
    method for specifying the certificates.

commit 5eb2b6f06de240104cdf4dee4853f3a7aaa0fc3a
Author: Antony Antony <antony at phenome.org>
Date:   Wed Jan 9 17:08:29 2013 +0100

    * testing: removed eth3 from swanhosts.

commit 1d9067f16bb65141501435fbfd634cd4a2a1f752
Author: Antony Antony <antony at phenome.org>
Date:   Wed Jan 9 16:47:52 2013 +0100

    * testing: fixed a roadwarrior test psk-pluto-01

commit fdcf2fec989440a486dc33fe032b6ad0232d8048
Merge: 52aa7df c970c6f
Author: Antony Antony <antony at phenome.org>
Date:   Wed Jan 9 14:46:24 2013 +0100

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit c970c6f0c9438b3267c3faa6e5262fbf51ac3629
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jan 9 11:42:05 2013 -0500

    * bump default IPSECBASEVERSION in git to "3.0"
    
    So git builds show up like: v3.0-66-gf3dd213-master which means
    66 commits past version 3.0.

commit ee43c8d31f36865557d099a4c608d5ed5b77d9d9
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jan 9 11:38:45 2013 -0500

    * Added @BINSH@ variable to Makefile.inc (default /bin/sh)
    
    This is used when building the systemd service file. This addresses
    the issue of Fedora 16 not having /usr/bin/sh, which was the value
    used in the systemd ipsec service file.

commit e72a77a38b2814fd05d2bd87f77e170cf28893a5
Merge: 41c6459 590ec24
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jan 9 11:32:52 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 41c64592b2dd6766fdd2073e71259e00a099ff60
Merge: 18b7f2c d0a13fe
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jan 9 08:47:57 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 52aa7df2a43a5c529697a6f896b5d5b8d2bb0ca8
Author: Antony Antony <antony at phenome.org>
Date:   Wed Jan 9 14:45:15 2013 +0100

    *testing: fix typo, duplicate mac in swan13

commit 590ec24ddc945e10ac128b1bcfd4c16831fa3181
Author: Antony Antony <antony at phenome.org>
Date:   Wed Jan 9 14:14:47 2013 +0100

    *testing: add nic vm config for roadwarrior tests

commit d0a13fe3001cc34504f69837913a8e34bd790b5f
Author: Antony Antony <antony at phenome.org>
Date:   Wed Jan 9 10:03:27 2013 +0100

    * testing: adding compile on east

commit 18b7f2ca7433623c3e4e3e615186fa234c48252d
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Jan 8 19:02:24 2013 -0500

    * documentation: better document HAVE_OCF in Makefile.inc

commit f3dd21396c7b3383290bf06454f7dbda7a1c53e7
Merge: 83bdac7 2217bf3
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Jan 8 17:49:31 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 83bdac7932097526ff5063614787fdb6cb6195f2
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Jan 8 17:48:56 2013 -0500

    * testing: add testcase for no EOL on last line

commit 99513b380392ff58b77a982d2035909fba174a39
Merge: ae49483 2e1e0db
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Tue Jan 8 22:01:53 2013 +0100

    Merge branch 'master' of vault.libreswan.org:/srv/src/libreswan

commit ae494838dfd124cedddd74bf9e6f775606bd5bea
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Tue Jan 8 22:01:06 2013 +0100

    EOF at EOL condition; even better fix. Could SIGSEGV

commit 5ac8c4b45fd2b54d873668e77d85146f1c4e28d4
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Tue Jan 8 21:19:33 2013 +0100

    Revert "To be checked by Paul with redhat connection"
    
    This reverts commit 026705c5be4d3ed6958fa51d03ad6f9901bf548f.

commit cec871e3ca536880978c7c4ed1f536e8a1846f86
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Tue Jan 8 21:19:00 2013 +0100

    Revert "This should fit Paul's redhat connection and match my roadwarrior tests"
    
    This reverts commit dcbbbbc23e678aed68f95bdfbdcc81c4bc81b5d6.

commit 41abe31889f93cb1e29602156cb1c4656e8d37c2
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Tue Jan 8 21:18:22 2013 +0100

    Revert "To be checked by Paul with redhat connection"
    
    This reverts commit 9368dfa89508985b7c3ad4c9e1f2e263f81d45e6.

commit 30b22084a56c19fbabd036e8d8adc2d0a594671e
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Tue Jan 8 21:17:20 2013 +0100

    Revert "* addconn: do DNS(SEC) lookup for case KH_IPHOSTNAME"
    
    This reverts commit bfa4b9d76f19e7dd8d3736827f93f86a493eebca.

commit bc187be34fe05faff16b5c7f31588a8bbb664f31
Merge: 947ca83 da4c16f
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Tue Jan 8 21:01:21 2013 +0100

    Merge branch 'master' of vault.libreswan.org:/srv/src/libreswan

commit 947ca838b3836ea0ef690c9c79d6ed7334b7d5f2
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Tue Jan 8 21:00:18 2013 +0100

    EOF at EOL condition; best fix

commit 31d2694e9283f86ab75509acae7a507dfdb4e99e
Merge: 6e6d76a f3dd213
Author: Antony Antony <antony at phenome.org>
Date:   Tue Jan 8 20:53:30 2013 +0100

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 6e6d76a53a5dc06cd691fc8ad3179c44b1b58599
Author: Antony Antony <antony at phenome.org>
Date:   Tue Jan 8 20:52:57 2013 +0100

    don't ipsec setup start instead pluto ...

commit 2217bf3513781bf89009ea7038d81e141c81f487
Author: Antony Antony <antony at phenome.org>
Date:   Tue Jan 8 20:51:57 2013 +0100

    beginning to add compile option

commit 2e1e0db6ae7a48dc2992f095e375b77cf79435b7
Merge: 32d9313 bc187be
Author: Antony Antony <antony at phenome.org>
Date:   Tue Jan 8 18:47:35 2013 +0100

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 32d9313cc33ed24c2b5d4cec458ecc26f5b0ca40
Author: Antony Antony <antony at phenome.org>
Date:   Tue Jan 8 18:45:31 2013 +0100

    python swanprep instead of
    source /testing/pluto/bin/eastlocal.sh

commit da4c16f95a38bf20bf6c55c39330b4400e48b9ba
Author: Antony Antony <antony at phenome.org>
Date:   Tue Jan 8 16:32:53 2013 +0100

    copy host specific ipsec.secrets

commit 905d4b6756d9c050275c429ff03c076ad4dab37c
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jan 7 15:35:51 2013 -0500

    * testing: suppress warning on ipsec setup stop with no ipsec.conf

commit e5d4355651a1ffdabaa807d1f08820bade3120df
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Jan 6 17:12:24 2013 -0500

    * testing: enable core dumps for pluto

commit 978eddd32a1a17f052e18cc636eafb384dca0cbb
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Jan 6 16:43:42 2013 -0500

    * testing: we need yum update to get the latest nss (on f17)

commit 8a2238c8278b27822058e2e24be697909a59e798
Merge: c5dab95 e082c05
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Jan 6 16:24:43 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit c5dab95adaf99a96299607fc0d1743ba4cb2c96c
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Jan 6 16:24:15 2013 -0500

    * testing: ensure pluto does not get restarted by systemd on crash

commit e082c05539e86485cfdbba97704b78bfe4215927
Merge: 75aa6e8 597cb26
Author: Antony Antony <antony at phenome.org>
Date:   Sun Jan 6 19:16:55 2013 +0100

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 75aa6e8acbb7ff2c74af1b0cd528604262fb35b7
Author: Antony Antony <antony at phenome.org>
Date:   Sun Jan 6 19:16:15 2013 +0100

    add strace to fedorabase.ks

commit 597cb26a3165e6ad15d15a341f51ae4a4775137a
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Jan 6 12:31:40 2013 -0500

    * ipsec status worked but also said "unknown command" due to missing exit 0

commit ff5c9c22ab8fcb069f10f95d0b86d71aaaa3810d
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Jan 6 12:28:26 2013 -0500

    * ipsec setup restart on systemd calls stop+start, not restart
    
    because systemd refuses to run the start part of restart when the
    system is already stopped.

commit 1d2635cb14d719515a306e1049b0b72b959b5580
Author: Antony Antony <antony at phenome.org>
Date:   Sun Jan 6 17:06:10 2013 +0100

    fix the test. weird thing east also need up for PSK to work

commit 3d7a29f6500ad19affd0c2e0691da5bc06c93ccb
Author: Antony Antony <antony at phenome.org>
Date:   Sun Jan 6 16:40:34 2013 +0100

    link /tmp/pluto.log /testing/pluto/<test>/OUTPUT/pluto.<host>.log

commit 72d254d580c83e73d294b18a48204486aab8c8ed
Author: Antony Antony <antony at phenome.org>
Date:   Sun Jan 6 15:44:45 2013 +0100

    a basic ikev1 psk test without including all/etc/ipsec.d/ipsec.conf.common

commit 987b8c863eec4f9d4497e14b1efea593b594ec64
Author: Antony Antony <antony at phenome.org>
Date:   Sun Jan 6 15:42:56 2013 +0100

    copy general ipsec.secrets  not specific one exist in the test dir

commit 76594a6d4e5cecdc8f608188143ef076221c7c6c
Merge: d079adc b8a6115
Author: Antony Antony <antony at phenome.org>
Date:   Sun Jan 6 11:52:23 2013 +0100

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit d079adc7e6cf5831deb6a35a1f9c2ac61f0adfaa
Author: Antony Antony <antony at phenome.org>
Date:   Sun Jan 6 11:49:16 2013 +0100

    added test case ikev2-11-simple-psk without any includes.

commit d2e9dfaf4fa1245bc1ce3a291c6e1eec23b5064b
Merge: 5dde459 b8a6115
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 5 19:32:33 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 5dde459768c3c803e465c5cc93f5a0a9595298d7
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 5 19:17:56 2013 -0500

    * updated changes

commit b3251e764c31f670cc40cca1cf65f3d47148ae01
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 5 19:09:06 2013 -0500

    * SAref patches for Ubuntu kernel 3.2.0-33.52 [Simon]

commit b8a611540148b5d3c8a589ff8ef4a2ca9af61d1c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Jan 5 03:02:42 2013 -0500

    * remove log_with_timestamp_desired and add comment about _desired vars
    
    We don't need the two-step setting from log_with_timestamp_desired to
    log_with_timestamp, as there is no risk of using this before the
    logging system is ready. As the comment explained:
    
         * We read the intentions for how to log from command line options
         * and the config file. Then we prepare to be able to log, but until
         * then log to stderr (better than nothing). Once we are ready to
         * actually do logging according to the methods desired, we set the
         * variables for those methods

commit 0b04fc41f88a1c98f1f771d2252ab052db707d1b
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 5 02:29:43 2013 -0500

    * remove pluto loglog() function from showhostkey.c
    
    Still needs some stubs due to other issues in lswlog.c but no
    longer needs lswlog.h

commit a072b9fbaae120fa89db3cb2792104a12741f5b3
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 5 02:17:29 2013 -0500

    * spi: cur_debugging has no place outside pluto/whack

commit 6077002d4c12290629216f4d1f7a66a1485241b4
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 5 02:12:17 2013 -0500

    * plutoalg.c leakage of libreswan_loglog()
    
    pluto uses loglog() while the rest uses libreswan_loglog()
    loglog() needs programs/pluto/log.h but libreswan_loglog() needs
    include/lswlog.h. Someone mistakenly did the reverse in plutoalg.c
    and fixed it by including the wrong include file.
    
    (note the logging drama goes much deeper, but the diffs I have to fix
     that are not yet ready to push)

commit a5a4de54650ba38a076acd79e846513589bbc665
Merge: d3ebcb1 8c11315
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 5 02:08:40 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit d3ebcb111dbc6f86b82440e1330f04419857b07a
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 5 02:07:23 2013 -0500

    * pluto: was not logging all messages to file since libreswan 3.0
    
    plutostderrlog= was not fully ported in, and not all logging
    functions inside programs/pluto/log.c supported log_to_file.

commit 9e4a140daf7d43e43c76a297e130b88b9c5237b9
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 5 01:43:10 2013 -0500

    * logging: vendorid leaked some info which should be under DEBUG only

commit 8c113159e19bfcc508ca1c5b281535313001159d
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Jan 4 11:36:57 2013 -0500

    * Ensure the debian/ directory gets updated version numbers too

commit 491d38d625d2af9fb0d2a51329242d4c30f1d783
Author: Antony Antony <antony at phenome.org>
Date:   Fri Jan 4 14:05:32 2013 +0100

    added nss and unbound dependencies

commit 3a49276fb7d9d8edf8b1a2ca0d3752a256041851
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jan 3 14:05:06 2013 -0500

    * update changes

commit dbf0e5be02ed7a214894c00275e867a1ca5fec03
Merge: 3bccac8 b0673a0
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jan 3 14:02:43 2013 -0500

    Merge branch 'sa-stats'

commit 3bccac842565ae2e17915c629a356af2180ea23e
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jan 3 13:43:30 2013 -0500

    * increase number of ike_info/esp_info entries
    
    The alg_info_ike struct needed a bigger number in some cases
    when 1DES was enabled (requires explicit recompile) causing a
    crash. Bumped alg_info_esp while at it just to be safe.

commit 319bbfa0218e7151099555b64e2fa6f299b26775
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jan 2 01:32:01 2013 -0500

    updated changes with release date

commit 35f5d410ef858429f5ad8adaa840ce134af14641
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jan 2 00:54:41 2013 -0500

    * export IPSEC_CONF from the ipsec command

commit c00211359b44bf51a436a7189624843a7d14d4f1
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jan 2 00:05:37 2013 -0500

    * install: sysvinit changes for non-default install

commit e9be5ea898425cfbd7f0bc3c76c1697c277789c0
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Jan 1 23:43:21 2013 -0500

    * setup: also calls addconn and needs --config for non-standard install

commit 5b07bf26b4dd79cb5f3e2d2f761b96766ba5767b
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Jan 1 23:37:16 2013 -0500

    * second call to addconn was missing --config for non-default install location

commit 27f9f668edfda3285e5e1377e15b0d65027f371d
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Jan 1 23:09:48 2013 -0500

    * install: fix non-standard ipsec.conf installation issues.
    
    addconn needs to get passed the --config option, via the ipsec
    command. The same for _stackmanager which needs the location to
    find the stack type. And the same for the systemd service file

commit 85964c8e47376baee57b4fa65af6e1efaeca8b9b
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Jan 1 21:48:29 2013 -0500

    * packaging: minor cleanup of spec files. Fixups new stable URLs

commit 0077791721cb81106e71f19c3d713a5845f4a6df
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Jan 1 20:09:02 2013 -0500

    updated credits

commit f5de082b7cfaff96655983f1d3517bca40c5d621
Merge: a691bb0 e6b466a
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Jan 1 19:53:29 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit a691bb00933d47b82a730dc327da727f102af725
Author: root <paul at libreswan.org>
Date:   Tue Jan 1 19:52:09 2013 -0500

    * add note on AUDIT in changes

commit bfa4b9d76f19e7dd8d3736827f93f86a493eebca
Author: root <paul at libreswan.org>
Date:   Tue Jan 1 19:50:18 2013 -0500

    * addconn: do DNS(SEC) lookup for case KH_IPHOSTNAME

commit e6b466a5ab01398245600b571dec1434648d7d87
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Jan 1 16:29:24 2013 -0500

    * update example sysctl.conf with some ipv6 settings

commit 71ce7ed8f6496560653a835508ba91e048cd429a
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 30 12:55:40 2012 -0500

    * disable USE_LINUX_AUDIT in main branch

commit 0eba202091d2962dc7e87d3640bcc97bfbf806eb
Author: Antony Antony <antony at phenome.org>
Date:   Sat Dec 29 08:10:02 2012 +0100

    fix typos and use distutils.dir_util.copy_tre

commit 6af4cfde44717ef431d457c0d3a042e97b4865f9
Merge: dcbbbbc e6ef9d1
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Sat Dec 29 01:22:37 2012 +0100

    Merge branch 'master' of vault.libreswan.org:/srv/src/libreswan

commit dcbbbbc23e678aed68f95bdfbdcc81c4bc81b5d6
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Sat Dec 29 01:21:19 2012 +0100

    This should fit Paul's redhat connection and match my roadwarrior tests

commit e6ef9d159a06f620920ff3abf3f4a94743168c67
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Dec 28 13:30:19 2012 -0500

    * testing: ported ikev2-05-basic-psk to new swanprep testing setup

commit 6cd9251b1dadb39c40107e7592ecc04a009c9928
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Dec 28 13:28:46 2012 -0500

    * testing: swanprep: use -H for hostname, -h is builtin help with argparse

commit 62352c6649a617189c13a0efd361b4def542126f
Merge: 7a3d372 6d1a557
Author: Antony Antony <antony at phenome.org>
Date:   Fri Dec 28 17:07:00 2012 +0100

    Merge branch 'audit' of vault.foobar.fi:/srv/src/libreswan into audit

commit 6d1a55763fd15a435ca46aeb80b7418642d072ec
Merge: 6039d55 075fe44
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 29 17:37:30 2012 -0500

    Merge branch 'master' into audit

commit 075fe4472f490f7c2fd28eb41388de5bfc8cbc41
Merge: 0c96eca f6b0288
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 29 17:37:19 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 6039d557dcbccd5c18c8d727f05ed69785d6f2bc
Merge: 97239a5 41ac859
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 29 17:36:57 2012 -0500

    Merge branch 'audit' of vault.foobar.fi:/srv/src/libreswan into audit

commit 97239a5132c29684c550ac0265d068554f29b1bf
Merge: e9f5b59 0c96eca
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 29 17:36:21 2012 -0500

    Merge branch 'master' into audit

commit e9f5b59fd936b065e929d33168277fbb393ac85e
Merge: 1a550e0 e8012e0
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 29 16:25:52 2012 -0500

    Merge branch 'audit' of vault.foobar.fi:/srv/src/libreswan into audit

commit 1a550e0df67ed7ff1146e4e520e30759fd6d437b
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 29 16:19:23 2012 -0500

    * audit: for now, let's not abort pluto on startup at audit failures
    
    We will re-enable this once we have written more audit code

commit 0c96eca4ab2d5870166906536944ba0a80b3e43e
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 29 16:14:48 2012 -0500

    * Remove obsoleted IPSEC_EXECDIR env support

commit 6f5e0c485c1eb62fbbae35a6b9aac3f948811b13
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 29 13:11:18 2012 -0500

    * Remove obsoleted $IPSEC_CONFS

commit 138ec347a2a0782b31c3056e028146f7c268ffca
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 29 12:57:45 2012 -0500

    * Removed obsolete env var IPSEC_CONFDIR_VAR

commit c875af2274955285504ed4baabb5d46af49b20ab
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 29 12:54:27 2012 -0500

    * removed obsolete $IPSECsyslog

commit f6b02885ac4368c20fc482c36c2133935497b41f
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Dec 28 23:30:50 2012 -0500

    * updated changes

commit 579494e03d5fbf1359742075cf264795eb943f3b
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Dec 28 23:21:45 2012 -0500

    * pluto: honour plutostderrlog= natively now _plutorun is gone
    
    plutostderrlog=/some/file was implemented by the _plutorun wrapper,
    which redirected pluto --stderrlog output to the named file, obtained
    from awk/sed calls on ipsec.conf. pluto itself had no concept of this
    log file location.
    
    This introduced the log file location to pluto, and adds the --logfile
    argument to the pluto daemon. It also processes plutostderrlog= from
    any config file given with --config

commit e8012e0863cb484ae3bb32b144ab5d6cf3d312c0
Merge: acb0b41 6af4cfd
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Dec 28 21:35:08 2012 -0500

    Merge branch 'master' into audit

commit acb0b41b563ddc362c6b2866ab456b4df6341382
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Dec 28 13:30:19 2012 -0500

    * testing: ported ikev2-05-basic-psk to new swanprep testing setup

commit 7529be5cc53ead4e27a0e6bf7a34dddcae4d2b9f
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Dec 28 13:28:46 2012 -0500

    * testing: swanprep: use -H for hostname, -h is builtin help with argparse

commit 8ca77f767df5b8562baae7a0c4b582613921fd30
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Dec 28 01:16:57 2012 -0500

    * testing: run "swanprep" to copy testfiles to proper place in VM

commit dc2929575a2bb3b367ef9c6f8137f088ad48d97f
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Dec 28 00:05:26 2012 -0500

    * testing: source testparams.sh, not tparams.sh

commit 0f6dd6a0a4276a64be0bc844a1e5905ea194187f
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Dec 26 17:02:53 2012 -0500

    * fix override for using sysv not upstart for rhel

commit 92dd28a38206c264740676a130ae0e894b7a99e7
Author: Antony Antony <appu at phenome.org>
Date:   Fri Dec 28 13:42:58 2012 -0500

    * audit branch: do not enable fips and labeled ipsec

commit 7a3d372ab8bfabcc87f5646240717f4fe67b9c79
Author: Antony Antony <antony at phenome.org>
Date:   Fri Dec 28 17:05:22 2012 +0100

    testing linux audit call

commit 026705c5be4d3ed6958fa51d03ad6f9901bf548f
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Fri Dec 28 16:42:00 2012 +0100

    To be checked by Paul with redhat connection

commit 9368dfa89508985b7c3ad4c9e1f2e263f81d45e6
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Fri Dec 28 16:26:57 2012 +0100

    To be checked by Paul with redhat connection

commit b9656a3a6c0a1a1cdf2687c508ac9cae38000a4d
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Fri Dec 28 16:22:13 2012 +0100

    improve diagnostic for loglog(RC_ORIENT, connection must specify host IP address for our side)

commit 91a973a3849f4b84f2bfae079fab74dd4eb41b90
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Fri Dec 28 16:18:32 2012 +0100

    resolve_defaultroute_one was wrongly setting parse_src=0 when no {left|right}nexthop

commit 41ac859014d5cb540c3473abc7dffa41624c7cb3
Author: Antony Antony <antony at phenome.org>
Date:   Fri Dec 28 16:07:18 2012 +0100

    add audit-libs-devel

commit 94dc00b84aa6fc88c2a99ee1dee2376f01df470a
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Dec 28 01:16:57 2012 -0500

    * testing: run "swanprep" to copy testfiles to proper place in VM

commit f2c216bd7f3d1db12b1c2c47bc9ba99304f4ae1f
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Dec 28 00:05:26 2012 -0500

    * testing: source testparams.sh, not tparams.sh

commit 76b8eb7c61590dfbe1fe1b8f14cd608027db7aa0
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Dec 26 17:02:53 2012 -0500

    * fix override for using sysv not upstart for rhel

commit b0673a022e3c4295ba12989f211d36c22b26065d
Merge: fa036c8 524be4e
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 25 15:23:08 2012 -0500

    Merge branch 'master' into sa-stats

commit 70403b646233a58e855949e3ec4b363be920e768
Merge: 70bf68d 524be4e
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 25 15:22:30 2012 -0500

    Merge branch 'master' into audit
    
    Conflicts:
    	packaging/fedora/libreswan.spec

commit 524be4e245715f7675f2ec097c611ac8e6b027e5
Merge: cd577dc 4074677
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 25 13:54:01 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit cd577dce9baacb6adae07e584048fc425cd49a6f
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 25 13:44:24 2012 -0500

    * verify: missed replacing on SSCMD - spotted by Philippe

commit 4074677e3579b069580949a71f12614397a5c019
Merge: 8a0165b 5739e0d
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sun Dec 23 20:49:31 2012 -0800

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit 8a0165bd09ce2e7328abbc95dfab14b855f84526
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sun Dec 23 20:46:47 2012 -0800

    build the .8 and .5 man pages for the pluto dir

commit 5739e0d6f38269b80dde76b7726c931765223717
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 23 23:32:39 2012 -0500

    * add regenerated ipsec.conf.5 man page

commit 3c06bb41012223fd440623d3479c7eb168a26048
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 23 23:28:31 2012 -0500

    updated changes

commit 2ac4d6a68a2e86323f3b95e66fba672f1f1a3bcc
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 23 23:16:41 2012 -0500

    * ipsec verify has been extended with more checks
    
    It checks ipsec.conf and ipsec.secrets for syntax errors.
    Obsoleted ipsec.conf options are displayed as warnings.
    The OE checks are back, and check FQDN/myid and IPSECKEY in the forward DNS.
    The command now returns the number of failed tests in text and as exit code.
    
    Man page updated to reflect removed --host option

commit 68d68c6516d1534d8aaab3b45019666d45b40931
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 23 23:13:03 2012 -0500

    * Obsoleted global nocrsend= option
    
    This global option was already obsoleted by the per-conn options
    leftsendcert= and rightsendcert=
    
    The boolean no_cr_send has been removed, and the parser now warns
    the option nocrsend= is obsolete. pluto no longer accepts the
    option --nocrsend or -c

commit fa036c88e3f807a3101509dc220c8682bf211041
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sat Dec 22 10:44:13 2012 -0800

    print ah and ipcomp data too

commit 786aee35df273dd3e0903c172dcd7d390c4a7424
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sat Dec 22 09:43:23 2012 -0800

    log ah and ipcomp data too

commit ed1ca2c23ba0f296f535dc732f92e5122c2000eb
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sat Dec 22 09:31:50 2012 -0800

    only log down info on ESP usage

commit 292123162b1db9e7d31f507a5e8bc5105034d585
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sat Dec 22 09:26:22 2012 -0800

    humanize the down output traffic information too

commit e2fff38821a2ba81e8cffe3ff38d13556870ec37
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sat Dec 22 09:19:28 2012 -0800

    print humanized numbers for in/out traffic on auto --status

commit 68aaf930e51f9cf075ce2c07bf53d112d95a5b1a
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sat Dec 22 09:04:39 2012 -0800

    Print in/out/max bytes properly

commit 3392d69dc0eb6851286dc48c3d04e65db6d02216
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sat Dec 22 08:50:41 2012 -0800

    log traffic information in a better way

commit f3c27c57095adfcbaaa6a45556637c69e13ddc3c
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Thu Dec 20 09:01:34 2012 -0800

    initial stab at printing statistics

commit cc7800c327e2bb5d3e1044a9543bdc7f66443700
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Dec 20 10:41:43 2012 -0500

    * fix for commit ae4701f35207
    
    It circularly defined pluto_shared_secrets_file to itself, resulting in:
    
    root at bofh:/vol/home/paul/git/libreswan ((2b872a9...)|BISECTING)# ipsec secrets
    003 unknown glob error -1

commit b283bf03200e4403c0e70d442cce8d80a0f15d5c
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Dec 20 09:03:38 2012 -0500

    * pluto.8 pre-generated man file missing

commit 39b7891e50fae053e8acebdc1f55af6408f8fdad
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Dec 20 08:53:09 2012 -0500

    Revert "Revert "Revert "Always use XFRM_MSG_UPDPOLICY instead of XFRM_MSG_NEWPOLICY. This avoids"""
    
    This reverts commit f81203faff29490157c6ef1cbc75d476a902bb63.
    
    This was accidentally pushed

commit 81412f80dae9732431baed3c03caed00a2d93b1e
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Dec 19 22:30:07 2012 -0500

    * updated changes

commit 74ac957ef9e7d6450f45014cbb8f0f64cef0177b
Merge: f81203f 939850d
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Dec 19 22:21:56 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 939850da225d242820f64f173c60bf4db7088f84
Merge: 6ca2edb 80717d4
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Wed Dec 19 18:58:44 2012 -0800

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit 6ca2edb045895bbcbf116d19492c43949104956e
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Wed Dec 19 18:58:23 2012 -0800

    Rewrite the EOF parser to at least warn on an EOF at an EOL

commit f81203faff29490157c6ef1cbc75d476a902bb63
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Dec 19 16:31:41 2012 -0500

    Revert "Revert "Always use XFRM_MSG_UPDPOLICY instead of XFRM_MSG_NEWPOLICY. This avoids""
    
    This reverts commit 15d27b8ad4a2f0d1fb252e608cfeafe6b7121773.

commit 80717d46751bb96b64ffba255c2272ea12443b3c
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 18 19:01:21 2012 -0500

    * XAUTH: pam example using secureid token

commit 6029093845b37daa541a4b3ab1b9c5580960682d
Merge: 0df9a46 f684308
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 18 17:34:39 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit f6843080e2b00ea154b7a615425cbd1e26921b84
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 18 17:12:22 2012 -0500

    minor updates to INSTALL

commit 9bd14cfca07c9a31b31071594ceca33a0e934f2f
Merge: f87fa6e 74c4c45
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 18 17:02:32 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit f87fa6e21630b5082829b342a7e7019056b9609c
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 18 17:02:09 2012 -0500

    * remove misleading comment in updown.netkey

commit 1987ac98f81d161e2bf6a34ceef77cb09335ad55
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 18 17:01:24 2012 -0500

    * sleep 1s in the addconn thread on startup
    
    It seems on my laptop, things start too fast and pluto isn't ready
    yet to accept connections to load.

commit 74c4c456488db37f11bc14ef06d246186f8ba3cf
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 18 17:00:17 2012 -0500

    * updates changes

commit 0df9a46f79000c2ce3262bc8898941aaeb44671a
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 18 14:05:01 2012 -0500

    * man page: don't use "secret" as a connection name example. too confusing

commit a2b9ef4648337f9dbd0263930d5a680f7564bd1c
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 16 20:13:07 2012 -0500

    * fixup pluto man page

commit 0543effbefac84f81e4dacbb73bdfb13a2a5c9dd
Merge: 4e39b53 3c9c5bb
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 16 01:07:03 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
    
    Conflicts:
    	programs/_realsetup.bsd/ipsec_realsetup.8
    	programs/addconn/addconn.8.xml
    	programs/ipsec/initnss.8.xml
    	programs/ipsec/ipsec_import.8

commit 4e39b53f4b4b72e5a689c6879e11f9bf41852934
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 16 01:05:03 2012 -0500

    * realsetup.bsd man page

commit 3c9c5bbc0dc78409580d0bd75e396e9575344ece
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 16 01:00:04 2012 -0500

    * fixup man for addconn

commit 4953605ad6e5f0bda0bf9ec867a27283ca3acf7c
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 16 00:58:41 2012 -0500

    * fixup xml/man in programs/ipsec

commit 2cdef37289008fcd63c99f0b404dbc45ac334456
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 16 00:49:06 2012 -0500

    * fixup more warnings in man pages
    
    Note that man pages get built from xml files into OBJ.* so they
    don't automatically overwrite our old man pages.

commit 686aa8b3b3213372c2c70a4e1e18eedc99dc725d
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 16 00:45:43 2012 -0500

    * fixup xml files for lib functions. Actually generate man pages.

commit 2b872a9fe5ac998cce0d5ec47f54e21ef54d995b
Merge: ae4701f 18df7f9
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sat Dec 15 20:23:41 2012 -0800

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit ae4701f35207b8464d7fec5eab3b7b7f1e56f534
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sat Dec 15 20:23:08 2012 -0800

    Squash many warnings
    - addrbytesptr() was accepting a double pointer and modifying the
      pointer, but the pointer was labeled 'const' and this caused
      many warnings higher up.  The input is now a non-const uchar **.
      (some C compilers may let you do better const declarations, but it's
      not portable)
    - Added a new DISCARD_CONST macro to discard a const qualifier without
      a warning if it really must be done.  Use with care and sparingly.
    - Added a new START_HASH_PAYLOAD_NO_R_HASH_START() macro when the
      r_hash_start variable isn't needed.
    - misc other small warnings fixed

commit 18df7f9efa658119022f2f31a316e446f16f6e24
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Dec 14 13:59:18 2012 -0500

    * systemd: run -listen on reload instead of --rereadall
    
    Because listen does a rereadall AND looks for new interfaces/addresses

commit b688af50fd089cbdfde74d86cd2292ef3436eeb9
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Dec 14 12:08:50 2012 -0500

    * ipsec initnss/import now runs restorecon -Rv on the ipsecdir afterwards
    
    This resolves an issue for me when I got:
    
    Dec 14 10:53:52 thinkpad pluto[24834]: NSS initialization failed (err -8015)

commit 4b18191a796e4624e5ac265d03f4040146a6f1d5
Merge: 8c8e995 92cc873
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Thu Dec 13 20:54:36 2012 -0800

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit 92cc87318be06fae146c8fe60eb457a923272053
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Dec 12 22:45:49 2012 -0500

    * manpages: fix all but one xml warning in man page generation
    
    The only one I haven't managed to fix is:
    
    Warn: meta author : no refentry/info/author                        ipsec secrets
    Note: meta author : see http://docbook.sf.net/el/author            ipsec secrets
    Warn: meta author : no author data, so inserted a fixme            ipsec secrets
    
    I'm confused where/how they seem to want this author entry.

commit 5edb54ebb5a7c75c9fee60373d423ab752afd811
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Dec 12 22:45:27 2012 -0500

    * confread needs to include interfaces.h

commit 8c8e9950b2c9b9e776b1633076de88571db4a9da
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Wed Dec 12 18:23:09 2012 -0800

    check the USE_XAUTH variable before installing the pam.d file

commit 70bf68deda87ee6ea9fc72057839d3ccb48fe76d
Merge: ed2ac56 1d7ff88
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Dec 12 19:04:41 2012 -0500

    Merge branch 'master' into audit
    
    Conflicts:
    	CHANGES
    	packaging/fedora/libreswan.spec

commit 1169d9312794081b49cf14d101e8e808a874b653
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Tue Dec 11 21:49:02 2012 -0800

    Install the pam.d pluto file or warn that we're not going to.

commit f3be070c35141aa56c5f9d432be4401d4fc80e8b
Merge: ffff8a0 1d7ff88
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 11 15:43:38 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit ffff8a08cff656dce41415e58729ca92f6646e4f
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 11 15:42:48 2012 -0500

    * packaging: fedora spec file copied into one for f17 and f18
    
    This is due to f17 missing the systemd macros

commit 1d7ff882a721bbf244bfe46945d933b4472fc41a
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Dec 10 16:20:50 2012 -0500

    * fix check for systemctl daemon-reload call on local install

commit 3822386f3e9819290d993b31e2df8e02b691a9ec
Merge: 8064af1 fb3ba0e
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Dec 10 08:49:36 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 8064af1040812a0ad25f74521fc0a0c4e245188b
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Dec 10 08:49:16 2012 -0500

    * note about SELinux in "make install" with some hints

commit f9a657ff6c1477afe0dde9b4bf4fbd8763443fc2
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Dec 10 08:33:22 2012 -0500

    * verify: drop hint for rp_filter and man page for help

commit d1d43f71446b961a93d9138d183feeccab2d0bb1
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Dec 10 08:21:11 2012 -0500

    * verify: fixup trying alternative locations for ipsec.conf

commit 952821ec8243e23e0c137f68a85f94fe6df95a75
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Dec 10 08:11:55 2012 -0500

    * verify: the ss command lives in /bin/ on Debian

commit fb3ba0ecaeda8ab9b36e89b2a2e70217a6fa5d22
Merge: 82bccaa 8d86669
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Mon Dec 10 13:56:56 2012 +0100

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit 82bccaa9bf44b511e9dd311241e066941b005745
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Mon Dec 10 13:55:35 2012 +0100

    No longer getting "warning: NETKEY/XFRM in transport mode" messages in /var/log/secure

commit 8d866691627d8bb2902f1123b0abebf8d0eb35b6
Merge: 5ef0da9 c00ae62
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Dec 10 07:51:16 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 5ef0da94bf92ec4636ade11e11aff732f66d8abc
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Dec 10 07:49:45 2012 -0500

    * building: add note in Makefile.inc about not using -O3

commit c00ae623f1674e2b812a9b84ae33f7619b4d7d83
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Mon Dec 10 11:27:43 2012 +0100

    With this isatty test, # systemctl stop ipsec.service no longer fails

commit 96d1084f7dfb0f8cab6979bac5736b33ba5ccd33
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 22:19:07 2012 -0500

    * close if, need sleep

commit b6be3d1882add38f38de69eb88d6094ab78be722
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 22:14:24 2012 -0500

    * lswan_detect: override initsystem for rhel/centos to sysvinit

commit 3df8b641a79e4886ef33d60cc3a98e6d82335d6f
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 21:55:56 2012 -0500

    * setup: override to sysv for rhel system that detects upstart

commit fc9d1acc2590adf4dd99d959a242f570ce54b5a9
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 21:51:20 2012 -0500

    * Wes forgot a "then"

commit b9aa9c4e913d36ae573fb1c57ca7928e92d6f11f
Merge: bdfd660 6d0df4b
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 20:24:45 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit bdfd660f72703d0a46d22aab00c1c33653cf74c9
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 20:24:16 2012 -0500

    * fix name in README.Debian

commit 6d0df4bcc4f98ad24c44e96b739de95e337df09f
Merge: 9f044b9 e4dc613
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sun Dec 9 16:58:12 2012 -0800

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit 9f044b9e59bf29d7b5f9cca4e2e68b67e8ca5345
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sun Dec 9 16:56:12 2012 -0800

    Add support for upstart

commit 7782cd9d3e6bfd60f13d200bdbc144416cdc94f1
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sun Dec 9 16:49:42 2012 -0800

    use --version instead of --versioncode

commit e4dc613df142a349e9a37aab8f85defca4181339
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 19:49:12 2012 -0500

    * debian: some scripts use ipsec --verioncode, so alias added to --version

commit fd73a9deb32ed3c198059f8b0e7d686e2cadb50b
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sun Dec 9 16:47:11 2012 -0800

    check for /sbin/start to signal upstart is being used

commit 8860919c93a6ba0b5681371c41502a83068da02e
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sun Dec 9 16:46:57 2012 -0800

    add /etc/init

commit e18cfb8beaf3a34e6dcc8336a2e3b6f4737f7578
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 19:10:56 2012 -0500

    * updated changes

commit 04920ceb3f4f20f03c8eb480ffb924449b6da1ad
Merge: 6a78096 d02baee
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 19:10:31 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 6a780967b3fe3a9ee04fcdd3de473780b87d481e
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 19:10:04 2012 -0500

    * stack: if we find stack is "auto", use netkey

commit d02baeea25fb5559b40567eaa41ef97861d7ebbc
Merge: 775d963 5c3fd7e
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sun Dec 9 16:08:09 2012 -0800

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit 775d963a608db2fc84db1ed23ed6d81f1cb16d46
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sun Dec 9 16:06:37 2012 -0800

    start the stack manager

commit 93d2bd22e60c7ad8f18a12b786a026d76459e457
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sun Dec 9 16:04:41 2012 -0800

    use protostack=netlink since auto is no longer supported.

commit f7e63d1121aa58b59c1b4025680236054945b5da
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sun Dec 9 16:04:18 2012 -0800

    make the init script more portable across multiple system types

commit 183c8e729a5df9ef3024be0e6ddcb298dcb24b1e
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 19:01:58 2012 -0500

    * don't print \n with echo

commit 5c3fd7e9b524667988d426ae7b283b1c01b7e5f8
Merge: 630b02b b1902cc
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 18:55:25 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 630b02bd5534d80206f01a523f8a9e9199857a28
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 18:55:11 2012 -0500

    * updated ciabot.pl

commit 3cd993ade964279dcde7d1b17c3c333119e24988
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 18:50:11 2012 -0500

    * packaging: rhel spec file updated

commit b1902cc609295cb2b4560d8c3cc85526b7c0df9a
Merge: 9639500 3207408
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sun Dec 9 15:46:59 2012 -0800

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit 96395006b43a2ddaa8e8dbb3522dd16dd902cbfb
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sun Dec 9 15:46:11 2012 -0800

    install the ipsec init in rc.d/init.d

commit 499247ffde70d6c43e95841d37f218368a3ec0c2
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 18:35:15 2012 -0500

    * allow override for initsystem detection (needed for RHEL)

commit 91c23c8a646436f99231aed20a270cee99d40e9b
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 18:09:22 2012 -0500

    * phased out /usr/lib{64}/ipsec - moved contents to /usr/libexec/ipsec

commit 3bc5f72657d65621fded4cf0ae2cda11e699eeb5
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 18:05:50 2012 -0500

    * put all our helper programs in libexec, no more /usr/lib{64}/ipsec

commit 3207408545d9e7f941154fa1f2bc350f8af17be2
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 16:56:04 2012 -0500

    * we no longer have init.d/ipsec

commit 1c258453fb87e19b37d2fa507cce85c5366b70b6
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 16:44:28 2012 -0500

    * libreswan.spec: last cleanup and removal of ghost for /var/run/pluto

commit de79363de7e1d170145e1ef8f5ba41b0d202f78d
Merge: d1f91bf 7093005
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 16:33:05 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 7093005f9ea17e09ec4baf3d758baf8955b0abd3
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sun Dec 9 13:33:25 2012 -0800

    remove double DESTDIR variable usage

commit d1f91bfded168b224e5810365fe8a28ee5fd76a2
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 16:32:39 2012 -0500

    * systemd macros for libreswan.spec

commit 3473e553d57828b6544141a04e61de02a3dd0013
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sun Dec 9 13:31:57 2012 -0800

    add back in the silencing @ sign.

commit 009d2ad58f3c2ac7bc7394ba49c6bc226141d48f
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sun Dec 9 13:30:50 2012 -0800

    remove accidental second test keyword

commit 03567c62005eff2516719d8355b35e7a39bac800
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 16:17:37 2012 -0500

    * updated to spec file

commit 0bbf38223bc2db530536ae290077731f39391216
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 16:11:34 2012 -0500

    * use pkg-config for systemd unitdir

commit 4ad8d7d26cbd4fa03c1883c7f63e9aa6033764bb
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 15:54:48 2012 -0500

    * systemd: missing DESTDIR for installing /etc/sysconfig/pluto file

commit 0f757e11625e4fc1ec300604ee71a93a34c9b246
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 15:44:50 2012 -0500

    * missing ;

commit fec60f2307161146f231578f61d0f795f580f82b
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 15:43:01 2012 -0500

    * systemd: only call systemctl daemon-reload when installing on live system

commit e683d512e43b2f14a1fd7e911575afdddbcbe06c
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 15:38:55 2012 -0500

    * commit lingering ipsecdir.xml

commit 703c9b0097de9d8b6d65aa9db7980a9941b5485a
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 15:33:23 2012 -0500

    * cleanup fedora libreswan.spec file

commit bf21d057a7fef1b40f76287eca6210f5333c44b6
Merge: 5c90248 8860348
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 15:29:33 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
    
    Conflicts:
    	packaging/utils/makerelease

commit 5c9024821d7b6b25a6dab987d9ceb65f4585e019
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 15:28:22 2012 -0500

    * NSSFLAGS no longer passed via USERCOMPILE

commit 493f30f106868fc75fdbada0414632bfffae1833
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 14:50:21 2012 -0500

    * fixup make release target

commit 88603487a28861c6356eb6343b1c6abbf417ac8f
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 14:50:21 2012 -0500

    * fixup make release target

commit c1abc72f40a41b1b8bffeeb37bdb8bf8d719af61
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 14:46:23 2012 -0500

    * fixup Makefile.ver

commit ba1303d25b08028230bc63cc67507c9d6f4516ab
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 13:53:13 2012 -0500

    * systemd: the eval wrapper is needed for the pluto start

commit ee0597d1b409445bdcdd1a20823b9c6f827a263b
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 13:48:42 2012 -0500

    * systemd: let the admin know if they need to enable or restart the service

commit 4f898560f7c679d14dd722f3c9ef388031489cef
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 13:30:59 2012 -0500

    * List the current mode of SElinux when warning

commit 00d37a0ca5c08f37a4dbbdf594541db327f15cbb
Merge: 8ea5cbf 7db6c4b
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 13:09:10 2012 -0500

    Merge branch 'master' into systemd-initd-install

commit 7db6c4b83cf886bd2bcceac6482d21106d4775a0
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 13:08:32 2012 -0500

    * xml: d.ipsec.conf/ipsecdir.xml was missing from the ipsec.conf man page

commit 42840a57d890963072017f73278b5fb598ef0b86
Merge: 301a3ed 1b3782f
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 9 13:07:44 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 8ea5cbf7c6bae32fe4a669f8f73347dec9cf822d
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sun Dec 9 09:17:51 2012 -0800

    Add the sbin directory to the PATH so the ipsec program can be found

commit b30dda4e494995938dc957877d065c38bdf7b59f
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sun Dec 9 07:45:32 2012 -0800

    remove the no longer needed eval wrapping and start the _stackmanager

commit 101b282b491c97cc8428bfa8ed24c03d60eacf74
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sun Dec 9 07:26:03 2012 -0800

    don't overwrite sysconfig and similar config files

commit 70882e68c5b795308c5c46352629373dcfdac804
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sat Dec 8 19:41:56 2012 -0800

    assume only a single init file and drop the foreach loop

commit 1b3782f7c58ee3d5efab3af9ca25a54197a6e12e
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 8 22:40:53 2012 -0500

    * verify: ip xfrm output is different between iproute 2.6 and 3.x

commit 667e8e53e600a8797b3b60d4e8d22f3d9767b8d9
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sat Dec 8 19:34:08 2012 -0800

    set the default pluto options to blank

commit d405123ea17d99a4b2d04126b70bc60266b5282c
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sat Dec 8 19:34:00 2012 -0800

    add back in the PLUTO_OPTIONS

commit 75b26ff3ed39ce2e148e6fe33d7c691eb6bd26c7
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 8 22:05:12 2012 -0500

    * verify: fixup check for UDP listening on port 500/4500 with ss
    
    Use slightly different arguments to work around ss bug, see:
    
    https://bugzilla.redhat.com/show_bug.cgi?id=829630

commit 366a7bfb3524b5641dee256920df2a648be31bc5
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 8 22:00:01 2012 -0500

    * verify: document known bug in /usr/sbin/ss with UDP listening sockets

commit c37f04df26ae7f15bc5888f8e36558562911cea4
Merge: 3a24121 9482067
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sat Dec 8 16:08:49 2012 -0800

    merge of changes from test fedora system

commit 9482067bca19da168a81b21bb7984645d1a2ab0a
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sat Dec 8 16:07:34 2012 -0800

    fixes for upstart systems

commit 4cdd5f9e42a0b37034b85c42d1a54d39b685367d
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 8 18:40:50 2012 -0500

    * ipsec initnss had a bogus space in it

commit 3a241219dec9c4422da37fdd8c7c3a60017f4b84
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sat Dec 8 15:30:21 2012 -0800

    move the config-all.h file back to fedora where it accidentally came from

commit 06963c3a7d47c20f86c8fa7ebb1a9402561a9454
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sat Dec 8 15:21:25 2012 -0800

    Don't add in the PLUTO_OPTIONS since the variable doesn't get expanded

commit d5e62676c910a7a7f8a83595cf3627cdb759d88d
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sat Dec 8 15:05:50 2012 -0800

    use the right directory without a double ipsec/ component for pluto

commit 98c5ca0979f5a0f6070a5b124ed6602181a68bae
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 8 17:58:29 2012 -0500

    * remove SECRETS= define from _plutorun.in

commit 55897bb1d5153eb2478cb1d3fe5ffe2468f9e280
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 8 17:48:37 2012 -0500

    * _plutorun: don't pass --secretsfile /etc/ipsec.secrets
    
    The default is set inside plutomain, and we allow secretsfile= in
    config setup in ipsec.conf to override the location.

commit a7ff6da16b1366a5282b34bc2d6c1ccfb942b3cd
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 8 17:23:44 2012 -0500

    * OCF: _stackmanager tried to tune KLIPS before the module was loaded

commit a29f6556f60df87d1c239cd61b6f808a365e7480
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 8 17:17:02 2012 -0500

    * NSS: Use pkg-config --libs nss to find proper nss/nspr versions

commit 380de4f526c86b03cdb7fa58b7af0d2aaa191c8c
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 8 15:09:03 2012 -0500

    * compiling: Update standard compile options to be more hardened

commit 5ea78a977b92cb2c2771ab04cd115e58562f73d8
Merge: 2c7ca0a 9768583
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sat Dec 8 11:42:54 2012 -0800

    Merge branch 'systemd-initd-install' of wjh.hardakers.net:/home/hardaker/src/nohats/libreswan into systemd-initd-install

commit 2c7ca0af0724a37c8f86bcb3fbd5587d2e6c7ce8
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sat Dec 8 11:42:48 2012 -0800

    move all init based files and install process into the initsystems directory

commit 9768583e9711dfe98e9ff26ac5363784b65a5315
Merge: 7f4c56e f39f5da
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sat Dec 8 11:40:11 2012 -0800

    Merge branch 'make-man-pages' into systemd-initd-install

commit f39f5da012ad19195768f4c3c2efffda6b3cf46c
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sat Dec 8 11:37:33 2012 -0800

    keep the ipsec.conf.5 man page in the repo for xmlto-less install

commit 29f9b10aa440d86b55f620542fd6e4d4eeb33a2d
Merge: 616a509 c1886aa
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 8 13:43:33 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 616a5096bf1d310ef2996d7388b5149f6c128d40
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 8 13:43:14 2012 -0500

    updated changes

commit 15d27b8ad4a2f0d1fb252e608cfeafe6b7121773
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 8 13:41:48 2012 -0500

    Revert "Always use XFRM_MSG_UPDPOLICY instead of XFRM_MSG_NEWPOLICY. This avoids"
    
    This reverts commit b5fa5eb1033ee3b73f7121a8ba3e593be21f8226.

commit efbf79e862921999d1163a0f69bc65eb1cc177cd
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 8 13:38:15 2012 -0500

    * updated changes

commit c1886aa176d89aaa9b1f588c1f3c85bcae7cf523
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Sat Dec 8 10:22:24 2012 -0800

    document that you need the unbound development environment

commit ae8aafc0786d8ae3076b013b2af6aa83f4fef875
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Sat Dec 8 12:06:50 2012 +0100

    Undo all my changes - Bug non reproducible at will

commit f87c7b25e75587728d7f5cedd0b8e8e27c093870
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Fri Dec 7 21:57:30 2012 +0100

    Undo change from PK11CertListCA to PK11CertListAll - Bug was in gcc at -O3

commit 301a3ed46c22bad5d6c704b51848de8ca36f2ebf
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Dec 7 13:37:40 2012 -0500

    * add man page for secretsfile= in config setup

commit 7f4c56e38b60d8998f9d71a57df821013320d39c
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Dec 7 13:12:32 2012 -0500

    * Remove all options in sysconfig.pluto.in that can be set in ipsec.conf

commit 21e0c5093e6008ca84be0496b42c4975c481afe7
Merge: d9cd695 e88f232
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Fri Dec 7 13:54:26 2012 +0100

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit d9cd695024280d2acd29a4ae708ee3f0bd404689
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Fri Dec 7 13:53:38 2012 +0100

    Undo the test on %defaultroute - The root cause was _stackmanager not activated by /lib/systemd/system/ipsec.service (wrong syntax)

commit a8aed174a2128ffde9ef820aa522575d1d84ea82
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Thu Dec 6 21:32:43 2012 -0800

    Use variable replacements for the /var and /etc directories

commit ab120bb7bba4a16cba663d77d7ece4431c3c1436
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Thu Dec 6 21:31:48 2012 -0800

    make sed replace all instances on a line, not just the first

commit 0e91c57939c84642c2d849cbcc9e40cecd0204cf
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Thu Dec 6 21:29:01 2012 -0800

    build the sysconfig.pluto files

commit 5bf9f4f518cf68d8d86b1c6c860f10517a6e71e8
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Thu Dec 6 21:24:47 2012 -0800

    install the systemconfig pluto file

commit 135180565254b65725f0b7940fbaba5c5c1238e3
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Thu Dec 6 21:24:15 2012 -0800

    fix line-break escapes

commit a7f77643fc0406f69eb1ce4548c972ea2872a818
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Thu Dec 6 21:20:11 2012 -0800

    break the installation process into multiple targets

commit 78e54d2e31022dd1a60bee376a0d7d9de7275512
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Thu Dec 6 21:18:34 2012 -0800

    install the sysconfig pluto file if not present
    (and break the installation process into separate rules)

commit ca3bc0ed127536164a8e57de5a7846501319b688
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Thu Dec 6 20:52:24 2012 -0800

    test to see if the service is enabled and warn if it isn't yet.
    Note: the current init file is 'ipsec.init' and it may be desired to
    name it 'ipsec' instead in the long run?

commit f07164bed0dd411b9a3f3908f86911c9b089b5f7
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Thu Dec 6 19:18:33 2012 -0800

    check if selinux is enabled and maybe print a big warning
    ie, if the install path is not /usr then policy needs to be updated

commit d2386e12fbd63d507c261d07c5154bbc43e8cc95
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Thu Dec 6 18:31:20 2012 -0800

    fix the src directory names

commit a203397da264178bcd60330da5f76716094d8f41
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Thu Dec 6 17:45:49 2012 -0800

    remove (or at least warn about) SYSV init style ipsec files

commit e88f2323f13a211260296d51679d94041284b5bb
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Dec 6 18:41:55 2012 -0500

    * NSS: added 'ipsec import' and moved 'ipsec initnss'
    
    ipsec import is for importing PKCS#12 files into the nss db
    ipsec initnss moved from its own shell script into the "ipsec"
    shell script itself (like "ipsec import")
    
    man page for initnss put into programs/ipsec for lack of better place
    Changed README.nss to remove instruction on how to enable NSS

commit ba58432f10de4b20cf8314e5049017acfc897664
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Dec 6 18:27:08 2012 -0500

    * testing: fixup X509 certificate generation

commit 543ff94ee6c5bdaa7309e645010104c90d6b0358
Merge: 50f12b4 56397dd
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Dec 6 17:39:12 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 50f12b48ead3384e245c96be1e95a6b09d901193
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Dec 6 17:32:37 2012 -0500

    * fixup nat_t_spf/disable port floating
    
    The variable is TRUE for yes, but --disable_port_float is set for FALSE
    
    This was introduced a week ago when disable_port_float=yes|no support
    was added. This caused NAT-T for non-XP clients to fail

commit 56397dd92ea9ff29c9ae6be69e097397dda6962d
Merge: 7de58a9 697d3f2
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Dec 6 11:17:04 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
    
    Conflicts:
    	CHANGES

commit 7de58a95e91b1c20060ec25c00f0d4cb944a3822
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Dec 6 11:08:05 2012 -0500

    * updated changes

commit bebdc58d9cbc95530ad2d1dd374b25f39fbfad73
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Dec 6 11:07:47 2012 -0500

    * Fix compile when NAT_TRAVERSAL=false

commit 24a4ba9dc9b5c1310eafb43e6123ddf6c97bac9c
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Dec 6 11:05:12 2012 -0500

    * DPD: We did not send DPD VID in aggressive mode with NAT-T disabled

commit 8ea1ad46da5b884ee4c9dacf8ee82c59c4f0da96
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Dec 6 10:46:49 2012 -0500

    updated changes

commit 7d0182972f247899e4eda224e1f51c77ebea4a8c
Author: Antony Antony <antony at phenome.org>
Date:   Thu Dec 6 10:42:57 2012 -0500

    * spdb_v2_struct.c needs demux.h (shows up when disabling NAT-T)
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit 697d3f272765707569560861394639cbca22dc93
Merge: 90a28fd ee59361
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Dec 6 09:40:34 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 90a28fd34ddf45e1d511330d1c5f0a2346a7db0b
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Dec 6 09:33:31 2012 -0500

    * addconn: set resolvip to true on init, instead of a few lines lower

commit d0574d638b6f69af1c438127da6f00dc9c5b1adb
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Dec 6 09:32:19 2012 -0500

    * added some debugging to confread.c

commit ccffe4e4f92ca0dee862cd7242cbcfc559461ce4
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Dec 6 09:31:43 2012 -0500

    updated changes

commit 22f498701b923dc980e1477797cb21dd75d6459a
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Thu Dec 6 09:30:04 2012 -0500

    * DPD: dpdaction=restart can cause full phase1 timeout after DPD
      (rhbz#848132)
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit ee5936186f0b2b9a4e8b4f29a44cb4bcec73241c
Merge: 8e6080d 4c55a98
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Thu Dec 6 14:58:59 2012 +0100

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit 8e6080d4e630f37e4d9c3e544ebc36399036a760
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Thu Dec 6 14:58:19 2012 +0100

    Changed PK11CertListCA to PK11CertListAll - Bug in NSS library

commit 78b1b19d0bb6a258086882aab4ea091f2694d227
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Wed Dec 5 21:34:17 2012 -0800

    separate packaging (.spec) files from systemd/init files

commit 470651a34384e3e645963409ad52e0983c792121
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Wed Dec 5 21:05:50 2012 -0800

    move the SED replacement definitions into the safer .inc file

commit d2e294ec9f24f2780fd233943c3c7d64ab8be408
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Wed Dec 5 20:53:52 2012 -0800

    use a forced /etc in the likely always-/etc places

commit 7736ea89a2f505b711c029cfdc8ca1b004c42a20
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Wed Dec 5 20:48:43 2012 -0800

    assume ip is always in /sbin

commit 3213273d6250f56bc295db989197bbef7d6a9e29
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Wed Dec 5 20:47:28 2012 -0800

    assume sh is always in /bin

commit 0a733b75acef30f21fbf3532bb732936d6f0e0cf
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Wed Dec 5 20:46:52 2012 -0800

    remove top-level definitions of files to install since they're in subdirs now

commit 5326a9d6cd996cb9d2d762c52979cb643df14cd4
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Wed Dec 5 20:42:29 2012 -0800

    always use raw /etc path for resolv.conf files, per PaulW

commit 28e00628aa50a66d442896a08345c9611a7326c5
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Wed Dec 5 20:30:25 2012 -0800

    set the default man list based on the current program name
    (if there is one)

commit 4c55a9843856289b7cec7cc7d14d2faa67f69d09
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Dec 5 21:10:53 2012 -0500

    * add note to pluto man page

commit cc24a3379587543af1e6c865dfbc47d37a5a5319
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Wed Dec 5 22:25:55 2012 +0100

    In refine_host_connection, test psk != dpsk if initiator - Shrew tests with Preshared key passed

commit 398ae1eaf206f9dabfb21b1658e827c269615f3c
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Dec 5 16:08:25 2012 -0500

    * Remove module goo leftovers from freeswan

commit ef8103fd23431ec4a04f5082112334b005935ce5
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Dec 5 15:36:51 2012 -0500

    * remove buildlin.sh

commit 858f174df229f1bfebae98c3714f3495cf1cb234
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Tue Dec 4 23:27:18 2012 -0800

    use proper variable expansion for system-specific values

commit 41619e11a01dae8155dead7b97279fad2bec6654
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Tue Dec 4 23:26:46 2012 -0800

    add some more needed variable expansion rules needed by system files

commit 020e4f5118170395caf8726e160b2aeff6995c25
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Tue Dec 4 23:12:09 2012 -0800

    link to the new os-type-based directory names

commit 4272381aaeccc948a7a3638bdaaa29dc4911f5e0
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Tue Dec 4 23:11:44 2012 -0800

    fix shadow-tree building

commit dda661238899696034be13684a415fa442af46f0
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Tue Dec 4 23:07:01 2012 -0800

    initial work to do builds and installs of system files

commit f5b0898ef2c59aaa54ed566f973095a120bc3376
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Tue Dec 4 23:05:00 2012 -0800

    Moved the sed definition into the Makefile.top file

commit 82fe823d1dbb11ea8f9c077c7de02271774481f5
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Tue Dec 4 22:30:37 2012 -0800

    renamed the init and service files to .in files for proper path building

commit f7f8d5081edce9ee2e11a01c1ac8053b618de0bb
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Tue Dec 4 21:44:59 2012 -0800

    move the lswan_detect.sh file into the utils subdir

commit 007ee62b2c481344142be45a8e5cc3bfae373258
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Tue Dec 4 21:28:05 2012 -0800

    Add 'man' and 'config' targets so they can be built independently

commit 71ec5c443d1dcffcddf106ed1d86d6e2ccfe7261
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Tue Dec 4 20:58:51 2012 -0800

    allow other arguments to be passed (e.g. -j5) to the building process

commit 60cead8b100ea7314d336a4104ce2f32da06079c
Author: Wes Hardaker <opensource at hardakers.net>
Date:   Tue Dec 4 20:52:37 2012 -0800

    build man pages and config files during 'make programs' instead of 'install'

commit 5b5b5192f3f0772131c20eb705450079baff36fa
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Wed Dec 5 16:02:59 2012 +0100

    handles %defaultroute

commit 35c8b26a97087279ed2622c8eb898a2eaf4304fb
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Wed Dec 5 13:45:46 2012 +0100

    Missing  in file

commit 425e50a0873c2f1e7fd9cc478d93ea751d8ddac0
Merge: f5245f0 1573989
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Wed Dec 5 13:38:28 2012 +0100

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit f5245f0f0a3d5d74a154d4a5cfdd5a1978bf65eb
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Wed Dec 5 13:32:32 2012 +0100

    No longer producing Bad file descriptor on stdout

commit 157398947b8de79d18fef0bd590069328f84f64a
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 4 18:40:21 2012 -0500

    * systemd: It's ExecStopPost= not PostExecStop=

commit 1ddee8dee7b98846c393e9b81b89084ffe635494
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 4 15:02:32 2012 -0500

    * empty stub sysconfig.pluto

commit 4a568ec82ea28696aa9918d7ff23eca1b3d73be1
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 4 14:59:55 2012 -0500

    * generalised ipsec.service file - should get easier for make install

commit 70800c9ee74f56b4920403667f7ee0169dcd58b4
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 4 13:45:14 2012 -0500

    * move packaging/lswan_detect.sh to packaging/utils/lswan-detect

commit dd1dd8d194ef4c0308370fd5617739a79eeed3f2
Merge: 979fae5 574c211
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 4 12:43:58 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 574c21175f21b8326a76fd493f522b65195528f4
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 4 12:27:03 2012 -0500

    * Fix to eclipsed() function introduced in freeswan-2.02
    
    Related changelog entry from freeswan:
    
    	pluto can now have wavesec and OE coexisting.

commit 203fbf84468b48bd822d595f1cb25e37266025e1
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 4 11:23:47 2012 -0500

    * pluto: no longer warn about reaping the addconn child process

commit 979fae5aacaa0dbbd1c2334ed0b5886806c47db0
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 4 09:40:03 2012 -0500

    * Don't set XAUTH as policy based on receiving XAUTH VID
    
    As some ipsec clients (eg strongswan) send these vendor id's
    even when they are not planning or allowing XAUTH in the
    connection. Instead, we rely on our loading of the connection
    to set the XAUTH policy on the connection.

commit ed2ac56ce6e71b0c4537dfffaa1e5b1b981826a6
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 4 09:42:30 2012 -0500

    updated changes

commit c225588ab32093336be30caa4a25961c98a52924
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Dec 4 09:40:03 2012 -0500

    * Don't set XAUTH as policy based on receiving XAUTH VID
    
    As some ipsec clients (eg strongswan) send these vendor id's
    even when they are not planning or allowing XAUTH in the
    connection. Instead, we rely on our loading of the connection
    to set the XAUTH policy on the connection.

commit 3111464867ae74e8ccef4f6f0cc59db0ca88e87d
Merge: 655f0b2 54c516c
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Dec 3 21:47:53 2012 -0500

    Merge branch 'master' into audit
    
    Conflicts:
    	Makefile.inc
    	programs/pluto/plutomain.c

commit 54c516ca1c6de08c54c2a9864cf3ed619a10fa79
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Dec 3 21:42:44 2012 -0500

    * _stackmanager: for KLIPS without interfaces=, assume %defaultroute

commit c107c86c67ba3fca7e23533ce9705cf9bbe2426e
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Dec 3 21:26:17 2012 -0500

    * make logging regarding interfaces consistent.
    
    Added note that we don't need to call use_interface.

commit 84faa82b909f7b568320b8a4ec693b0d1a55bcd6
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Dec 3 21:25:32 2012 -0500

    * _stackmanager: whitespace fixes, throw errors to stderr

commit 284f9e4bc48a31ac8aa818f31fe70cb218030fef
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Dec 3 20:15:13 2012 -0500

    * interfaces.h was needed for one function

commit 45338432178e1afe9f47a1438ca4953856792770
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Dec 3 20:10:58 2012 -0500

    * remove virtif.c related functions - it was not used

commit 3ce0d9a3d171862328bf0a01a6fe449516331673
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Dec 3 19:39:57 2012 -0500

    * argv for execve() was missing NULL termination, so addconn did not run
    
    This caused the new "helper" to load connections on boot to not run properly,
    and no conns were loaded.

commit 4295d23161687d80839aac1d3da1f77735503b3a
Merge: 26ca0c3 38064d0
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Dec 3 19:12:04 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 26ca0c3fe933f05e52d4ca30edebb5102bad4a07
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Dec 3 19:06:21 2012 -0500

    * remove code we never used (/var/run/pluto/dynip/<iface>)

commit 38064d0a10910e0ddf4675d1fe6096b436b32021
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Dec 3 18:32:48 2012 -0500

    * ignore interfaces= line for NETKEY

commit 9fe0ea0712dae207259f935309f3855393b47416
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Dec 3 18:17:28 2012 -0500

    * a minus was accidentally introduced in refine_host_connection()
    
    An added minus accidentally added a comma, causing compiling to fail

commit 62013807c57cc5ad52a24dae4647b5f26b3b24af
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Dec 3 11:14:15 2012 -0500

    * Set POLICY_XAUTH when receiving XAUTHInitPreShared / XAUTHInitRSA

commit 655f0b20fc7492c415e2d5dcf95f149bf128db28
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Dec 3 11:14:15 2012 -0500

    * Set POLICY_XAUTH when receiving XAUTHInitPreShared / XAUTHInitRSA

commit 77bfb4f52ad9afcb5f4789fcaf7e6ffa86bb3f26
Merge: b53d636 8aefa2e
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Sun Dec 2 22:04:59 2012 +0100

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit 8aefa2ea36f3fa1ce1ad7f91f2bc15297484144d
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 2 15:33:19 2012 -0500

    * fix typo in order.txt for ipsec.conf man page generation

commit 0faa950af2d25de3111eb12b65d79d07dc9bcbd2
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Dec 2 15:25:19 2012 -0500

    * updated changes

commit b53d6360b55bcf157cfd9039baed8ace33ddc53a
Merge: adb63a6 9e545e3
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Sun Dec 2 20:08:16 2012 +0100

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit 9e545e367f4ca7368daf23bbcd3f361490053268
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 1 19:14:50 2012 -0500

    * disable fipscheck and labeled security for now on default build
    
    because debian/ubuntu does not have the fipscheck headers, and
    the labeled security seems to cause some netkey problems.

commit d828ecda974ef4d5d07e5248ac1de9fd83e68f6a
Merge: b421167 d619145
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Dec 1 14:35:27 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit d61914508cbf339a5fe57c376d67279474b0f339
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 30 18:37:21 2012 -0500

    * fix hunk
    
    Conflicts:
    	programs/pluto/plutomain.c

commit 6ce3b201fb32aab9f94e16e7d7fe8387352e8e55
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 30 17:35:22 2012 -0500

    * add "FATAL" to error when failing fips mode and aborting

commit 273e611a1ab883940112aabbb6e2b50c5ffc217d
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 30 17:29:33 2012 -0500

    * Log NSS success via libreswan_log(), not via RC_LOG_SERIOUS
    
    This prevents a spurious message by pluto at startup

commit 6151f47821b0577092842cc8c503e55849da2993
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 30 18:37:59 2012 -0500

    * Initial Linux audit support and test message

commit df2ccdd849e78116f38e341e3ce90058d054c6ee
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 30 18:37:21 2012 -0500

    * fix hunk

commit b421167bee7544d7a3930a5a35bf537ae29079f0
Merge: 4b25b74 531b9ec
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 30 18:33:23 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 701512a3ba98e1503dee705734c2fe23a28b4aea
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 30 18:10:04 2012 -0500

    * forcebusy.xml > force_busy.xml

commit 4b25b746072681429779908d008e4e823677009d
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 30 17:42:02 2012 -0500

    * un-nest the fipscheck/nsscheck
    
    I'm not sure why these were nested, as they are unrelated and run
    one after the other.

commit 523aa3ef556939d39f99eef0c59f7d83b3747d6a
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 30 17:35:22 2012 -0500

    * add "FATAL" to error when failing fips mode and aborting

commit e5c7ed9f43ec23f3ed69ef2df7823fdddeb454b3
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 30 17:32:34 2012 -0500

    * Display whether fips support is compiled in on startup
    
    Similar to the other USE_XXX options.
    
    Also, display when support is compiled in, but pluto is not running
    in fips mode.

commit 2ad672346ea108d54331b58c3f27ad5b30ae4646
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 30 17:29:33 2012 -0500

    * Log NSS success via libreswan_log(), not via RC_LOG_SERIOUS
    
    This prevents a spurious message by pluto at startup

commit 531b9ec41cc7d02c28a2f4d70daf37cfa5d5d11a
Merge: cc4b685 c523a99
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 30 17:14:45 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit c523a9989239755d437c01dd2fa280feed59bbef
Author: Kim B. Heino <b at bbbs.net>
Date:   Fri Nov 30 21:45:06 2012 +0200

    addconn: parse %defaultroute to IP address using kernel's netlink

commit 21c84032943b348ffb027091ec5accf7756e941c
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 29 23:06:47 2012 -0500

    * added some build/testing requirements in INSTALL

commit 09bfed953f9c261d0ae2d2827264a955a81f3f52
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 29 23:00:12 2012 -0500

    * more occurrences of umlsetup.nl and NJ (netjig)

commit 40cb9b48e81b65fd71261f8f8f41c60bcefe8e04
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 29 22:56:15 2012 -0500

    * dotest.sh was expecting umlsetup.sh instead of kvmsetup.sh

commit 8294c79a7e3aff42d13a0ab6feaa92d3498336aa
Merge: 96bcb05 f979759
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 29 22:19:53 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 96bcb05eb8af7cd851cc01096fca27be94d237c2
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 29 22:19:21 2012 -0500

    * testing: fixup creation of KVM's via install.sh

commit f979759f639054fbc58d3197284a8c42d276ed6b
Merge: c5df821 b69f1fe
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 29 19:01:55 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
    
    Conflicts:
    	testing/libvirt/install.sh

commit c5df821e01db73c27f4aac0c95ad298335f5fc05
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 29 19:00:42 2012 -0500

    * Check that we can write to /var/lib/libvirt/qemu/
    
    It's needed for the serial consoles

commit b69f1fef7ca5a165e6b2000a1e9bce91bb5812a4
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 29 13:28:40 2012 -0500

    * updated kvmsetup.sh.sample

commit a31218c6fabb30d79312ad07e8fcc139f2008763
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 29 13:08:49 2012 -0500

    * create pool space directory and set +x so qemu-kvm can find disks

commit ad40f24dfbed9f02f1a42dd957b4fd18ed924db9
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 29 13:03:41 2012 -0500

    * virt-install was fixed to no longer require the disk image to exist

commit 81d38bfc6d45c76d6bffa662a760f9da7ab8231b
Merge: 840bfcf e206dc7
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 29 12:05:19 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 840bfcfa4a0154b16c0aafacf1c7633a79471ff6
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 29 12:05:03 2012 -0500

    updated changes

commit 250ea98890ec1b46a1d87c34ef468134714e605a
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 29 12:03:18 2012 -0500

    * pluto: support for secretsfile= and ipsecdir= in ipsec.conf
    
    Matches pluto's --secrets and --ipsecd options

commit e206dc7f705ceb542485fda0fb6d3f9f89d1c6e3
Author: Kim B. Heino <b at bbbs.net>
Date:   Thu Nov 29 18:12:45 2012 +0200

    addconn: remove trailing whitespace

commit 03f76a270b514ac63c8ebe820c7773e8f3dc25b8
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 29 11:03:02 2012 -0500

    * updated changes

commit 614b5f3d35c3e6143ad829ca662039eae05e7694
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 29 11:00:41 2012 -0500

    * addconn/pluto: ensure conn names are always treated case sensitive
    
    This was implemented inconsistently, so when defining conn CaMelCase,
    you would end up being able to do "ipsec auto --add camelcase" but
    not "ipsec auto --delete camelcase".
    
    Consensus was that connections should keep their case sensitivity.

commit cc4b6850f1d4eacf173d66cca3ed9c85ecb61177
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Nov 28 18:30:05 2012 -0500

    * document force_busy=no|yes config setup option

commit adb63a6d4ab4a1e411eff9a17f42b5f90abbd693
Merge: c432cd3 5f04b1d
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Wed Nov 28 11:46:47 2012 +0100

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit 5f04b1deee52a6d853123e3f604997409ad6ab0d
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 27 23:27:21 2012 -0500

    * remove old comment

commit a00edcc7ddf3c05823d0eab9f3e697c29e9e3559
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 27 23:27:11 2012 -0500

    * updated changes

commit d64de3f22a930e04f3c9bd68bcffd81479509e2b
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 27 23:06:39 2012 -0500

    * pluto: added ikeport= and nat_ikeport= options, and --natikeport
    
    There was already an --ikeport option. So ikeport= is the config setup
    equivalent. It changes the pluto_port variable.
    
    For the NAT-T port, the code used a define NAT_T_IKE_FLOAT_PORT throughout
    the code. This has now been rewritten to use a new variable,
    pluto_natt_float_port, similar to pluto_port.  The --natikeport option
    was added to pluto

commit 4ff953206395807b8dd0fb249a32553fc4a08114
Merge: 8365137 e445618
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 27 22:54:55 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit e4456182de79995d860101c1e68c0eb326bd56b1
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 27 22:54:53 2012 -0500

    * man page sections for perpeerlog/perpeerlogdir

commit 8365137400b391ac4ec6faba6c79de426419d3c3
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 27 22:35:37 2012 -0500

    * don't need a default for KSF_PERPEERDIR

commit a6286e19cbf598f1b9441c4a29d0c6ff07c36bd1
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 27 20:59:12 2012 -0500

    * update changes

commit 413e72353fcbf0bfd7c431d96e443d98aeb36dc1
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 27 20:58:11 2012 -0500

    * pluto: added plutofork=yes|no to match pluto --nofork

commit 09faf5c5721bd28be8897a933fdd2917e9060964
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 27 18:40:26 2012 -0500

    * updated changes

commit 55fe81ba411b6a2a2c28769c66e472a009c67218
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 27 18:39:29 2012 -0500

    * pluto: added retransmits=yes|no config setup option
    
    This matches up with the pluto --noretransmits option

commit 644f8ff9827a1823fe8deec8443f062f7979e77e
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 27 18:19:25 2012 -0500

    * ipsec.conf: Added perpeerlog=yes|no and perpeerlogdir= options
    
    Added perpeerlog=no and perpeerlogdir=/var/log/pluto/peer/ options.
    These translate to the --perpeerlog and --perpeerlogdir pluto daemon
    options.
    
    Note that the default location for perpeerlogdir used to be a compile
    time option depending on ${FINALLOGDIR} so this could change the
    default for some people.

commit dd17c836c7ea50a28c0070ba780c47bdf4b69311
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 27 18:18:45 2012 -0500

    * no longer print the "version 2" via readwriteconf.
    
    We want to silently eat it and phase out its use

commit 0e1c2f71eb0c80d7f577086a88f15d51c517ffc0
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 27 17:19:07 2012 -0500

    * add comment

commit 6fa230154409efdd9ad5b33dcc4d6f349bf5d25f
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 27 17:18:36 2012 -0500

    * remove lwdnsq mentions from xml

commit ecdd6cbcf7ca22d9728bb0c677172a839a1c22b3
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 27 16:34:54 2012 -0500

    * renamed osw to lsw prefix

commit 1534a10899784a3e8375a7b5f7e5f00d4852862b
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 27 16:31:15 2012 -0500

    * missed testing/liblibreswan -> testing/libswan

commit d10853498cbcfb8a8bf0e56e113d7436bd249536
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 27 16:03:17 2012 -0500

    * KLIPS: build module in "modobj" instead of "modobj26"
    
    All 2.6 and 3.x versions now build in "modobj/". The 2.4 version now
    builds in modobj24/

commit 38d495611cf550f041f385d7969d6f033564d9a8
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 27 15:53:06 2012 -0500

    * rename liblibreswan to libswan
    
    It's too difficult to type, and confusing regarding libres (resolver lib)

commit 4dad80224be1fa1b33ff7a6fda903d854650a575
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Nov 26 15:12:12 2012 -0500

    * testing: removed old uml related scripts, utils and netjig code

commit 5e21968cdf5dbceba171158dc2f19d9250c0ab32
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Nov 26 14:50:33 2012 -0500

    * packaging: Removed freeswan release scripts from packaging/utils/
    
    Also removed some openswan cruft for releasing and cvs handling

commit 862581310bc083e777a4aff5f4520930ff0446c0
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Nov 26 02:28:15 2012 -0500

    * packaging/utils/makerelease: tar no longer needs to be verbose

commit f7bfecf125a7250e4ebe46e88b887f1edccbb5bb
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Nov 26 02:27:35 2012 -0500

    bump to 2.91

commit 46cbfdd54ca07d3e67ff98ce72c25a0e61b0d13c
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Nov 26 02:24:26 2012 -0500

    * check for specific release file, not the release dir

commit 8f5b74cd578e21688a94c6cb2d9e2b810f75bcfe
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Nov 26 02:22:41 2012 -0500

    * added packaging/utils/makerelease

commit 601a32ff2414ae6d9533ea747c3df8af2cb574f3
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Nov 26 02:12:21 2012 -0500

    * add make release target

commit 4bc2e6d4304c87bdeddfb7602d074846d77d9423
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Nov 26 01:25:53 2012 -0500

    * CHANGES: release will be 3.0, not 3.0.0

commit d0b22f134757678874cf428a5fe2516c3470a137
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Nov 25 23:29:43 2012 -0500

    fixup readme

commit 537340a6e53567a31b212cc441d5d6714c709213
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Nov 25 23:28:14 2012 -0500

    * debian: updated debian build
    
    Experimental target: make deb

commit ac083e4fd94b6b7144d4ec159a81ece97f744c52
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Nov 25 22:11:10 2012 -0500

    * added version related make targets for easier packaging
    
    paul at ubuntu:~/libreswan$ make showversion
    2.9rc1-1-gb191401-master
    paul at ubuntu:~/libreswan$ make showversion
    2.9rc1-1-gb191401-master
    paul at ubuntu:~/libreswan$ make showdebversion
    2.9~rc1_1_gb191401_master
    paul at ubuntu:~/libreswan$ make showrpmversion
    2.9rc1
    paul at ubuntu:~/libreswan$ make showrpmrelease
    1-gb191401-master
    
    (I'll leave it to Tuomo to fixup the rpm to use proper -0 release)

commit d76b095bab5063386a651613e96b91e09e4d1d1d
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Nov 25 21:56:40 2012 -0500

    * remove some VENDOR remnants

commit 1587ee92e68f7e8723065efdb438ecf6c3978aef
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Nov 25 21:42:08 2012 -0500

    * version: slightly changed version building
    
    The version now shows the branch and tag instead of hardcoding
    to "master" and branch number hardcoded in Makefile.ver
    If there is no .git/ we assume this is a release and we pick the
    version straight from Makefile.ver (which also allows an override
    now using: make IPSECBASEVERSION=2.9 programs
    
    It now shows this if compiled from git using "make programs"
    
    v2.9-1-gda49099-dirty-master
    
    Meaning the latest tag is "2.9", which was "1" commit ago, we're at
    commit "gda49099" in the branch "master". And we are dirty (as in
    there are uncommitted changes as well)

commit 247fa8f6bb79e00a637d3823a871453f0eaaea30
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Nov 25 21:38:24 2012 -0500

    * testing: include linux/include/ while compiling test stubs

commit dfd3936eb4e472f6c5cc37f4f14f6c471ac5c795
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Nov 25 21:38:06 2012 -0500

    * remove CVS log

commit 6eefb4e10c2fc3f2d72c68a21115001df1b7e99f
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Nov 25 12:08:44 2012 -0500

    * lswan_detect.sh: detect Foobar, lack of oracle support, default output
    
    Apart from errors on stderr, return "unknown" on stdout for 'make' to use

commit dc9a30808c78fdcecc9c6f16b89eeb1300c72cab
Author: Hugh Daniel <hugh at libreswan.org>
Date:   Sun Nov 25 04:31:44 2012 -0800

    This script now works cleanly on five (5) different Linux OS Distributions
    and all the current init styles.  It will do for now.
    
      I should note that I think the name should be changed to something more
    descriptive, and that the data should be returned in a different format, one where
    ONE type of data is returned on each line.  But that is for later, it now works.

commit 8b22019326b05397c86bfd0ec8027899adb0d254
Author: Hugh Daniel <hugh at libreswan.org>
Date:   Sat Nov 24 17:38:51 2012 -0800

    Change from Paul to fix extra output on Debian.

commit 348ca37ab25a797df44b7c5df55ceae04e3f49f3
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 24 19:56:21 2012 -0500

    * lswan_detect.sh: use version argument and add sbin:/usr/sbin to PATH

commit 6d93d52276f156f5221a24b87551fcd6ff63555c
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 24 19:52:29 2012 -0500

    * fix upstart check to cover more ubuntu/debian flavours

commit e4b84556105df097baf62178e7a0d72644cee50d
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 24 19:52:07 2012 -0500

    Revert "* fix upstart check to cover more ubuntu/debian flavours"
    
    This reverts commit efb158f50c9733b41155e8252dfd67197998d02e.

commit efb158f50c9733b41155e8252dfd67197998d02e
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 24 19:49:18 2012 -0500

    * fix upstart check to cover more ubuntu/debian flavours

commit 0eed1ab7a546125893f96e50fe88bac46ccdb64f
Merge: 7c73661 4d82946
Author: Hugh Daniel <hugh at libreswan.org>
Date:   Sat Nov 24 16:28:06 2012 -0800

     Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan
    
    Conflicts:
    	programs/Makefile

commit 4d82946296c8c905f0e73149dde125d848d3928a
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 24 16:54:36 2012 -0500

    * _stackmanager: abort early when not root - reduces slew of errors

commit 0d5b4e216cf5a15e426b60125cf1a97634a7e5a8
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 24 15:59:07 2012 -0500

    * packaging update
    
    packaging/lswan_detect.sh detects the distro and init system used.
    
    Added links for centos/foobar to rhel (they use identical version numbers)
    Added packaging ubuntu/
    
    We detect Arch Linux and OpenSuse but don't do much for those yet.

commit 9a17d8fe004013498f924def6f159b9d9aef7848
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 23 13:16:56 2012 -0500

    * ipsec: added shortcut "ipsec status" to "ipsec auto --status"

commit 3df74fad80b217673dc8520d091ba464303363bf
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 22 01:32:20 2012 -0500

    updated CREDITS

commit 55aadef41ae5f4911bf637ef52e95ae50c7f882b
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 22 01:20:30 2012 -0500

    * update changes

commit d9d6d0ac890d347814ec54909db912b2e6ece9e0
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 22 01:18:54 2012 -0500

    * Added David's comment on KLIPS 20% speed gain on TX

commit 556c5e61adebfbbb9deea26247460b7e46db3b51
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 22 01:15:47 2012 -0500

    updated changes

commit 1f1bc91cee7d82cd12c89c7ec84cff69b6b1c023
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Nov 22 01:15:16 2012 -0500

    * KLIPS: misc. fixes, mostly satot() related
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit aa8f1bca78eeeeb3d73545f84cc8aa558abac09e
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Nov 22 00:53:22 2012 -0500

    * KLIPS: fix panic 'proc_dir_entry 'net/pf_key' already registered
    
    Nov 17 15:27:48 l2tp kernel: ------------[ cut here ]------------
    Nov 17 15:27:48 l2tp kernel: WARNING: at fs/proc/generic.c:590 proc_register+0x129/0x220() (Tainted: G        W  ---------------   )
    Nov 17 15:27:48 l2tp kernel: Hardware name: KVM
    Nov 17 15:27:48 l2tp kernel: proc_dir_entry 'net/pf_key' already
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit 161d3f0b79865d86e3b19641953504dc27255676
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Nov 21 19:51:49 2012 -0500

    * added packaging/rhel/sysconfig.pluto

commit 16f85de0386b556ba653df2b3b84f15f21181b15
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Nov 21 19:48:24 2012 -0500

    * version: Use =? in Makefile.ver so we can easily override it

commit a7f8949d5449f2f39c6fcf57c1942d218bac62c2
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Nov 21 19:44:54 2012 -0500

    * Added some debugging in find_raw_ifaces4()

commit a0317677260113e56d11b662812774afede58f07
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Nov 21 19:29:18 2012 -0500

    * initscripts: use -e not -f to test for pluto.ctl, as it is not a regular file

commit e60d3d5dea7858b5b328120caf0bc38632aea396
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Nov 21 17:32:06 2012 -0500

    * added subsys handling to initsystems/sysvinit/init.rhel.in
    
    Also use rm -f for the subsys file in case it does not exist anymore

commit 93715fa74f9746a7b693cdbce02c847468000093
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Nov 21 17:17:26 2012 -0500

    * _plutorun: silence startup to not affect output of sysvinit scripts
    
    It used to echo a startup line, this is now sent via logger to syslog

commit ddc4e91a2a069809e6b5ebb900bde41c38fa37c9
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Wed Nov 21 17:06:29 2012 -0500

    * debian:  Copy SAref patches for Linux 3.2.0 to the module source directory
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit 543bad4d77e23e1c277c6ce3f282583115794f7c
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Nov 21 17:05:13 2012 -0500

    * updated changes

commit e93da68701e879703c0efceef4a264ef169bbba4
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Wed Nov 21 17:03:54 2012 -0500

    * SAREF: kernel patches updated to linux 3.2.0
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit 0075466ab64816399147bf3e0c3f0727307f809a
Merge: 6038599 d0f6309
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Nov 21 16:50:23 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
    
    Conflicts:
    	docs/CHANGES.freeswan.pluto

commit 6038599f56ed414ad23f3641f0ea703497efbc04
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Nov 21 16:46:21 2012 -0500

    * fix spec file for RHEL(6)
    
    - fipshmac does not yet take the -d option and stores .hmac files elsewhere.
    - Enable copying in /etc/sysconfig/pluto
    - Enable USE_LIBCAP_NG
    - Install new init script from packaging/rhel/ipsec.init
    - Obsolete openswan so libreswan can be installed as an update

commit d0f6309295055d23377be7cb15e21225c82bdda4
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Nov 21 23:42:47 2012 +0200

    docs: convert CHANGES.freeswan.pluto to utf8

commit 378adfe320719c48e17d95171bcaedc4d963f0e8
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Nov 21 16:23:29 2012 -0500

    * Support subsys in packaging/rhel/ipsec.init

commit 93197324bb9085c56f47989c31d50247a83e3bc0
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Nov 21 16:22:54 2012 -0500

    * convert CHANGES.freeswan.pluto to utf-8

commit d072d1df107bc8f8b8a79f5dc7f6708446d0bb1b
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Nov 21 16:00:25 2012 -0500

    * move rhel5/ to rhel/

commit c381a9be1f1a3891a07b889f224a68a9b65dea8e
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Nov 21 15:55:29 2012 -0500

    * added updated init script in packaging/rhel/

commit ebd981745e27372e69616fb9b5e0e27f0eaf1c57
Merge: fff810d 801690b
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 20 21:50:50 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit fff810d38138c0f47c403b396fc8132c68e50d20
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 20 21:50:21 2012 -0500

    * added kvmsetup.sh.sample

commit 801690b618ce056cb5efb2c893fe8c9c3eb4f5c9
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 20 19:04:22 2012 -0500

    updated changes with rhbz number

commit d0586f654b1655a9da01fd17ce0e0dc8a7889899
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 20 19:03:47 2012 -0500

    * updated changes

commit 233ec8ac709644bcaa5e5054378f34fb171b73bd
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 20 19:03:20 2012 -0500

    * update leftid.xml man page (though could use more love)
    
    Regenerated ipsec.conf.5

commit 9a2ce7936885775ba0f134f200469f34034429ca
Author: Matt Rogers <mrogers at redhat.com>
Date:   Tue Nov 20 18:50:17 2012 -0500

    * support commas inside OIDs by using ",," to mean "," inside the OID
    
    This is rhbz#868986
    
    This one will allow the escape of a comma inside an OID field by using ',,'
    
    For example, an id that has the OU of "Global, Support, Services" can be specified as:
    
      rightid="C=US, ST=North Carolina, O=Red Hat, OU=Global,, Support,, Services, CN=hostname"
    
    Status will show the correct ID:
    
    <10.13.211.217>[C=US, ST=North Carolina, O=Red Hat, OU=Global, Support, Services, CN=hostname,+S=C];
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit 2693c1b6b165ac99227210aeecc5ede53c3d376a
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 20 15:04:04 2012 -0500

    * fix quotation for /proc/modules in _stackmanager
    
    This caused us to try and unload modules that were not loaded

commit c1cb462c98d7c8cdcd5535072deb3f549c5c357f
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 20 14:48:10 2012 -0500

    * minor script cleanup
    
    re-introduce IPSEC_INIT_SCRIPT_DEBUG for debugging, be quiet on
    module unload, and don't be quiet on module unload fail. Also check
    for being root when running the ipsec command.

commit 48632095965748656ee028d4d27dc735ed4427d4
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 20 01:13:46 2012 -0500

    * nss: build was continuously calling pkg-config
    
    Makefile.inc was passing `pkg-config --cflags nss` which would get
    evaluated on each call. Instead, we now set NSSFLAGS using $shell
    and include the returned string instead.

commit d8c80a174a84abd8ebf308c8c238d1eb2f83debf
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 20 00:25:32 2012 -0500

    * ipsec version: cleanup netkey version
    
    For klips we show a nice clean:
    
    Linux Libreswan 2.9 (klips)
    
    but netkey we showed:
    
    Linux Libreswan U2.9/K3.2.0-29-generic (netkey)
    
    We now no longer show the kernel version for netkey, so it also becomes:
    
    Linux Libreswan 2.9 (netkey)
    
    But we now add the kernel version for both stacks afterwards, eg:
    
    Linux Libreswan 2.9 (netkey) on 3.2.0-29-generic
    Linux Libreswan U2.9/K(no kernel code presently loaded) on 3.2.0-29-generic
    Linux Libreswan 2.9 (klips) on 3.2.0-29-generic
    Linux Libreswan U2.9/K2.95 (klips) on 3.2.0-29-generic

commit 5cab54f58f82e3905d6908ad5e79c3974c2737fb
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 20 00:08:28 2012 -0500

    * setlocalversion: Add branch name to our version for manual compiles
    
    This gives us:
    
    $ ipsec version
    Linux Libreswan Umaster-2.9-1-gdfb22a7-dirty/K3.6.3-3.fc18.x86_64 (netkey)

commit dfb22a78bc3623cf01efc61d7f9265fb0ce22c9e
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Nov 19 23:55:01 2012 -0500

    make version 2.9 for now, until we hit 3.0 as first release

commit 82afcc3eceec6c1090ae39819fafbd57e07cb093
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Nov 19 23:51:30 2012 -0500

    * ipsec: give ipsec command a better help function
    
    ipsec help used to tell you to use --help, now it just calls --help
    
    ipsec help now lists the ipsec commands in two columns if the printf
    command is available.
    
    Tell user about "ipsec command --help" as well.

commit 01abe21974f74feffce1c8720ea895e00735c9eb
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Nov 19 21:27:43 2012 -0500

    * updated README and removed obsoleted docs/RELEASE-NOTES.txt

commit 7c736613d032d03dca62ef8fd938d2e202ed0a0b
Author: Hugh Daniel <hugh at huron.shiphouse.net>
Date:   Sat Nov 17 20:42:02 2012 -0800

    Removed reference to deleted program (_realsetup) and its directory.

commit d8540ed278a57564c8f1a29e299e9461882ee13a
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 17 17:56:02 2012 -0500

    * abort when pluto died sooner

commit e5eb3844b78ff16767a7009f4a430b0f999d4ecc
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 17 17:53:10 2012 -0500

    * rhel init script: export IPSEC_SBINDIR and PATH to ensure we find /usr/local

commit 2522cb8b23f253bc23047fdcb83cd1e054bbd7b1
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 17 17:49:32 2012 -0500

    * rhel initscript: Improve handling of killing running pluto

commit 6c6042058b6695837cc115a5f13fe5a5842df3c6
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 17 17:38:22 2012 -0500

    * setup: no longer call _startklips stop, use _stackmanager stop

commit 0a78748c0c0e9df8ecb2cc1a524e8cdbaef5f37d
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 17 17:32:44 2012 -0500

    * setup: fixup systemd check on non-systemd systems

commit ae04e58d63442c437fbc3b13a1e64623add3e31c
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 17 17:28:45 2012 -0500

    * _stackmanager: modprobe does not like extension, fixup tncfg handling
    
    modprobe wants "ipsec" not "ipsec.ko", so check if @MODPROBE@ got
    configured as modprobe or insmod (the latter does need it)
    
    ipsec tncfg can detach all ipsecX, so no reason to loop. mast0 needs
    a special check to get removed, as it does not appear in /proc/net/ipsec_tncfg

commit 263a1c577919cb41bea4c55fb8fbf3f861dc0306
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 17 16:50:25 2012 -0500

    * remove some cruft from ipsec cmd

commit b19c6faed1ebae893e83e1bf7973fa40157c254d
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 17 16:50:09 2012 -0500

    fix check for loaded klips module

commit fc09346e30bfc81ce6c6fabee5944939bcc79352
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 17 16:40:13 2012 -0500

    * _stackmanager: remove bogus target 'start'

commit b58dd5c5b9a5013ea0f709c7ead74c07ac3177e2
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 17 16:22:02 2012 -0500

    * fix quoting in _stackmanager for stopping klips

commit 176e54efe5e3d38a4f3b41b241db8486482d4870
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 17 15:39:24 2012 -0500

    * ipsec version: remove distro.txt support that caused a 2 line version

commit d765966849677d2e6946e45b4eede0ce33fd4d1a
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 17 15:31:36 2012 -0500

    * _stackmanager: missing ";;" in restart) case

commit e539c38a8b737571e1412c402c0963c13eafd7fe
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 17 15:26:05 2012 -0500

    * setup: compare with string, not integer for pid, in case it is ""

commit 6a6e6892b38713ac05aea3b1c801bb4b0e05be60
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 17 13:56:34 2012 -0500

    * _stackmanager: shell functions are not called with brackets

commit d49ffce010eea4c44d1eaed10ed8070688df90c4
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 17 13:54:15 2012 -0500

    * addconn: ensure --liststack is not too verbose and only returns stack info

commit 3f343c5a0dcf86763ddd9fcc773881803d4e6ca6
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 17 00:35:29 2012 -0500

    * _stackmanager: replace old calls to _startnetkey/_startklips

commit ef88ae5c32abd6c3dc6ec7ff37df6690e8ac2fe9
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 16 21:00:59 2012 -0500

    updated changes

commit 0a6e93963ff149a5edccfcaf0cb0437ec4d473ef
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 16 21:00:12 2012 -0500

    * _stackmanager: new script replacing _startnetkey/_startklips/_realsetup

commit 81354936e4c358a2686f94766faad9abbbdd74da
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 16 19:11:46 2012 -0500

    * addconn: only display debug info about routing with --verbose

commit 76f64fee78fbe25ae7371efbd3e95539d39a5b5f
Merge: 092d735 6ed125b
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 16 16:58:23 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 092d7352bed48c52181b7f27dc111451fc458a7c
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 16 16:58:03 2012 -0500

    updated changes

commit c0fbb92715a7b67ee7a0aa2f6d372b69e6938518
Author: Roel van Meer <roel.vanmeer at bokxing.nl>
Date:   Fri Nov 16 16:56:42 2012 -0500

    * pluto: incorrect free in scan_proc_shunts()
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit 6ed125b0aefe0fee44baf41da3d56560f3813a84
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 16 15:47:52 2012 -0500

    * add commented vendorid from Solaris
    
    Solaris 10 has RFC 3974 but also md5('RFC XXXX') which is 810fa565f8ab14369105d706fbd57279
    (yes, the 'XXXX' are _really_ four times the letter X)

commit b0ffc58137b082c53b99434fc1d1d5ead99a43e9
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 15 22:39:31 2012 -0500

    * Remove _realsetup from the Makefile

commit 87cd553dfd716c2a8115a8ce04f5cbab0d3dc25f
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Nov 14 14:50:07 2012 -0500

    * fixup rhel init script. spin off start of debian specific version

commit 6a92a3a3e90b4ea66b33f0ac99796e83cc580acb
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Nov 14 14:15:07 2012 -0500

    * Move programs/sysvinit (was programs/setup) to initsystems/sysvinit

commit 6bb1e8b88a39e9fcbbb55484ce04d711cb774dbf
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Nov 14 14:03:12 2012 -0500

    * renamed setup/_realsetup
    
    "ipsec setup" is now a wrapper pointing to the right initsystem.
    
    There will be no more ipsec _realsetup

commit c432cd366539be2650e52b5be518247ac477ed46
Merge: e066e7a a38e4bc
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Wed Nov 14 12:20:05 2012 +0100

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit a38e4bc5d1d110dd3412947973752ac1d1ec05d7
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Nov 12 20:58:39 2012 -0500

    * _startnetkey: cleanup, added new rng kernel modules

commit 8aaa163afdc4f70808294ba1a085cce911b7de2c
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Nov 12 20:50:12 2012 -0500

    * _plutorun: updated man page

commit af56b52808f21b9e393f2e492d9f68d34acf1495
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Nov 12 16:15:29 2012 -0500

    * rhel5: spec file updated

commit f027c94e8f12dd029bc18fd48c9e3d06ab0c6bb9
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Nov 12 15:41:51 2012 -0500

    * _plutorun: provide a default ipsec.secrets in case it was not specified.
    
    We really need to add a secretsfile= configuration option for config setup

commit 5dba564a5d22a043fa3d28762c8348176a1841ba
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Nov 12 15:12:32 2012 -0500

    * updated _plutorun - re-instated some logic

commit fb7829000c7520cacdd37609ef6fde295ab3cd76
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 9 22:27:59 2012 -0500

    * addconn: grab default route from netkey (not final commit)
    
    This uses "8.8.8.8" to determine default route until I figure out how
    to use 0.0.0.0 without getting 127.0.0.1

commit 0bd93b6fed0464ee85bfcd8cac6226b482f39398
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 9 22:27:39 2012 -0500

    * remove logger pipe

commit d45f5ec08a3d294880d852f3aa870417c5517400
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 9 22:27:08 2012 -0500

    * _confread/ now lives on as configs/

commit c3a81d631801ccc5b0002ac2dcf28772417f3f3c
Merge: 3977aa7 efb23ca
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 9 17:20:11 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 3977aa7844651faf15b2ce7a60e68c624bf4a6aa
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 9 17:17:48 2012 -0500

    updated changes

commit 543c40ca99d00081b33ae2de1eed02eb1db5b726
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 9 17:16:24 2012 -0500

    * auto: no longer pass defaultroute/defaultrouteaddr to addconn
    
    This is obsoleted and no longer needed

commit a26e4677d052257564c890f728a839f7b7bf23b1
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 9 17:15:22 2012 -0500

    * _plutoload: obsoleted

commit efb23cac50f33e67e599c60f26b5503407c3cb1a
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 9 00:36:31 2012 -0500

    * scripting: redid pluto startup and scripting.
    
    This involves _realsetup, setup, _startnetkey and _plutorun.
    The _startklips script still needs to be converted (tomorrow)

commit 123ea4cb36814f16138a3e1c2ad8ab5eeed7b6fa
Merge: c526b74 a276999
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 8 21:58:17 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit a276999df15e8b41fe5440c276a75f07d1e209b6
Merge: 86d8de3 a075826
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 8 12:34:54 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 86d8de3d5ac8a684839fab5ab28a7053670fe955
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 8 12:34:39 2012 -0500

    * updated changes

commit cc2697dc984bf020543a1fc5d8648dc506a5087d
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 8 12:33:41 2012 -0500

    * pluto: if started with --nofork, don't care about existing pid file
    
    Instead, remove it and write a new one.

commit c526b74e382a06c892c900484c3f9b7ca4d85355
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 8 11:55:59 2012 -0500

    * change version from 0.9.9 to 3.0

commit a07582686ce9632269dd003b6d317cbf44d67999
Merge: 2be0df9 facbc6b
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 8 11:55:10 2012 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 2be0df9580f13e4ef96e360ad26145c59c31c149
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 8 11:53:52 2012 -0500

    * fedora: systemd support in fedora spec file
    
    This uses the new systemd files and startup method.

commit facbc6b5bf41bdd1fcc8dadaecc892e77c168d6c
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 8 11:52:19 2012 -0500

    * auto: port defaultroute/address detection from _startnetkey to auto
    
    It handles the more complicated scenarios like PPTP with default
    routes into interfaces without "via"

commit a637551c31960ed3ff720cec0c29444b9665f772
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 8 11:33:55 2012 -0500

    * auto: ignore routes without gateway
    
    i.e. I have this one: default dev virbr0  metric 30000

commit 56c2c5f6db3c7cf5c7045cef33b5fd25e2562e7a
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Nov 7 18:32:54 2012 -0500

    * fedora: add sysconfig.pluto and ipsec.service files.

commit 6f13b4338c72951b62f6844dd3f6db299129421e
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 6 23:10:28 2012 -0500

    updated changes

commit 8c16da9d3920390c63c177876ca7958847bd5ac2
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 6 23:01:28 2012 -0500

    * pluto: perform whack --listen and addconn --autoall on startup
    
    pluto's call_server() code now runs the equivalent of whack --listen
    and addconn --autoall on startup. The latter is done using (v)fork()
    and actually calling the "addconn" binary with --autoall option.
    
    - This new child still needs to be reaped (it's now a zombie when done)
    
    - Doing this caused us to see a message that has always been sent to
      /dev/null before (because of pluto's closed stdin/stdout/stderr).
      The error happens when adding connections (file:lineno added with this commit)
    
        starter_log(LOG_LEVEL_ERR, "whack: write() starterwhack.c:124 failed (%d %s), and ignored.\n",
    
      It is harmless (and as said, was already happening but we never saw it)
    
    This now means that pluto on startup loads all connections that
    have auto=add/route/passthrough and starts all connections that have
    auto=start. It also means that the plutoload/plutorun scripts are no
    longer needed, except for the pluto "restart on fail" option.
    
    This requires the pluto --config /etc/ipsec.conf option to work properly.
    
    TODO: pluto needs to have an option to reread its files on
    SIGHUP. Currently, this is ignored. Although pluto can do the equivalent
    of ipsec whack --rereadall, this currently does not include re-calling
    the code that reads --config /etc/ipsec.conf.  This new code will also
    need to store the pluto optarg list because on re-read those will need
    to be processed after parsing the config file - just like on startup.

commit 8a8e054a34e9a187d5af8e312d12825a6b3c842e
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 6 16:38:57 2012 -0500

    * pluto: On startup perform equivalent of ipsec whack --listen
    
    Just before entering the infinite loop in call_server(), run the
    equivalent of the command "ipsec whack --listen". This was previously
    done in _plutoload.

commit e066e7af76cc57a99350f2a6f7a842f8853a0634
Merge: d478061 0a3a280
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Tue Nov 6 10:32:53 2012 +0100

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit 0a3a2809b72ff1fb4952551cd4077cfaf7d88128
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 6 01:43:49 2012 -0500

    updated CHANGES

commit 8119995976ccfa553035d6d9f0111c324ad7b37c
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 6 01:41:44 2012 -0500

    * pluto: remove protostack=auto and --use-auto, netkey is the new default
    
    This option was always broken because it needed to be communicated
    through scripts and daemons, and caused problems, even when defaulting
    auto to klips.

commit 9b7fbb775cf325f468efdbc9b3b3fca6aea8fabe
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 6 00:43:24 2012 -0500

    updated changes

commit 2ea7241edba7d1dde1f91b3202155c5eed932dc4
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 6 00:42:43 2012 -0500

    updated changes

commit 64a278b669d9c7edc2acdb7a9b19bac941bc496f
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Nov 6 00:40:50 2012 -0500

    * mark some obsolete keywords as such. removed dead manual mode code
    
    Obsoleted keywords are pluto, prepluto, postpluto, plutoopts, plutowait

commit d47806178ce32806ba486cf3d521a23a838c1951
Merge: 22d39e2 69a756b
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Sun Nov 4 22:06:33 2012 +0100

    Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan

commit 22d39e23e5a8f997783583ec6d3259a67917f30c
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Sun Nov 4 22:05:54 2012 +0100

    Philippe Vouters's comments in refinehost_connection following his experience

commit 69a756bd1a1e934feb1bd759045e4e79b4d19ab4
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Nov 3 22:12:39 2012 -0400

    * systemd: put working systemd service file for the pluto daemon.
    
    This is a native systemd service file that depends on the new --config /etc/ipsec.conf
    option that makes pluto read all its parameters from "config setup". This
    obsoletes _plutoload and _plutorun completely.
    
    What still needs to be finished is the replacement script for the kernel module
    preparations - currently somewhat drafted in stackmanage.in

commit 1cf6ccf6ba03477dfc94c55520e5a95f955f5b56
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 2 16:31:18 2012 -0400

    * pluto: don't stop processing after --coredir argument
    
    There was a "break" instead of "continue" statement.

commit 2b62cc38374c75c729b3316b9608a5bcc53309c8
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Nov 2 16:05:44 2012 -0400

    * pluto: only link with unbound when USE_DNSSEC is enabled

commit 4dfb001dc99a42c503a101d38a4dd224d8e94106
Author: Kim B. Heino <b at bbbs.net>
Date:   Fri Nov 2 13:26:44 2012 +0200

    pluto: add --config parameter to read options from config file
    
    If --config is not specified, pluto works as previously using options
    from command line only.
    
    If --config is specified, it should be the first parameter to pluto. It will
    overwrite all previously set options. For example this works as expected:
      pluto --config /etc/ipsec.conf --debug-all

commit 8bf966b404493a26bff9f5c1d9b155ce9848e287
Author: Kim B. Heino <b at bbbs.net>
Date:   Fri Nov 2 12:41:22 2012 +0200

    pluto: link with libipsecconf, unbound

commit a13a9ba5e1d801dcccca37bbb025a6425534f047
Author: Kim B. Heino <b at bbbs.net>
Date:   Fri Nov 2 12:23:43 2012 +0200

    keywords: remove unused KSF_DPDACTION, fix writeconf test

commit 72ec977054ea4233a7ea3413a6d46ecdca121298
Author: Kim B. Heino <b at bbbs.net>
Date:   Fri Nov 2 12:16:38 2012 +0200

    keywords: remove unused KSF_ACCELERATION

commit 548b7775dfbe5ddbb438cfad5ef0b9c05fa6e54d
Author: Kim B. Heino <b at bbbs.net>
Date:   Fri Nov 2 12:16:14 2012 +0200

    keywords: remove trailing whitespaces

commit ed72760215b8a13b13e0759e253d7cc3b3218942
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Thu Nov 1 23:53:48 2012 -0400

    * Updated README.nss to remove unnecessary configuration parameters
    
    these are not required by default and are network topology specific.
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit 717065a5e7caa5d9f0f13e06771a75069ca405b8
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Thu Nov 1 23:48:56 2012 -0400

    * isanat_oa_fields was using one 3 octet field instead of 1 plus 2 octets
    
      This is related to rhbz#834400
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit 3ae77791c2f5e2df30a23c97fe3f4d1aec9f15e9
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 1 23:37:50 2012 -0400

    * add warning to odd unreachable code segment to fix later

commit d772f0287d7e2bad5e42fd64745ba27b0f34aa07
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 1 23:36:03 2012 -0400

    * partial fix for print_sa_v2_attr()

commit d2b435a5f4641354b992b01e2cf5ccdd8f828c1a
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 1 23:22:28 2012 -0400

    * include nspr.h

commit e047717c0f68b6aab40e845e46990963f4630c51
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Thu Nov 1 23:20:18 2012 -0400

    * crypt_dh.c: int k should be unsigned.
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit 4d344046ed6374400016d70949c51bf417f123eb
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 1 23:18:19 2012 -0400

    * connections.c: eclipsed() always returns NULL - needs rewrite/removal
    
    Found by Avesh

commit 0d74f513eb7fdbae60ce3d6e67d4ca373f666ec7
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 1 23:15:34 2012 -0400

    * connections.c: Removed an #ifdef DEBUG that could never be unset

commit b7d2ae27f1475755a7c1904cea1781b425fe351a
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Thu Nov 1 23:09:12 2012 -0400

    * Fix possible leak in secrets parser
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit cf8f0d1f12a21a7a58542a10dec98b2abee18dbf
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Thu Nov 1 23:01:39 2012 -0400

    * pem.c: Fix blob copy handling in password prompting routine
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit 7618b01fd683b4b6fcf357f5b5c930ec1ad6bcd6
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Thu Nov 1 22:55:36 2012 -0400

    * confread: Remove redundant check for alsos != NULL
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit 1075df0066720565581efe5df0d6bd9fcd06bff6
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 1 22:52:35 2012 -0400

    * Missed two instances of HMAC_BUFSIZE -> hasher->hash_block_size

commit 0cd362eca1e8a5790b7225d219222002551a8314
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 1 22:51:50 2012 -0400

    * Fixup on Avesh's patch for NSS supporting SHA2 384/512

commit 931579172443a1f24092443944a11a11e53e94e0
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Nov 1 16:02:21 2012 -0400

    updated changes

commit 6ef316d8b708a7c2d964ea89b5c54abf4d3f8962
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Thu Nov 1 16:01:37 2012 -0400

    rhbz#609343: pluto crashes when removing logical interface
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit bd38515b514702653ddc8964b4a7659c9de47054
Merge: a4b99eb 7777008
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Oct 31 16:59:06 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit a4b99eb0ea1e881d6dd6df4a10087a0a04a7b33e
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Oct 31 16:33:12 2012 -0400

    * addconn: don't print \n for --liststack

commit 77770086591e1509d78cabca526c81d833319360
Author: Kim B. Heino <b at bbbs.net>
Date:   Wed Oct 31 14:42:15 2012 +0200

    pluto: remove unused global_argv/argc variables

commit 0edf641d0228ab5557914c4c1b6f1901110da775
Author: Kim B. Heino <b at bbbs.net>
Date:   Wed Oct 31 14:29:15 2012 +0200

    plutomain: remove trailing whitespaces

commit f8af547a1c28d67666af4a0a32df95cb35a43a82
Author: Kim B. Heino <b at bbbs.net>
Date:   Wed Oct 31 14:28:48 2012 +0200

    pluto/Makefile: remove trailing whitespaces

commit 0bfed4f573ce5d77b991b6fabf5389f28a527ebd
Author: Kim B. Heino <b at bbbs.net>
Date:   Wed Oct 31 14:26:50 2012 +0200

    libipsecconf: remove unused passert_fail() function

commit 3c60a3add2158dc4bfddfb2b44107e04bd6c603d
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Oct 30 18:25:10 2012 -0400

    * addconn: added --liststack option that only shows protostack= value

commit 96d08f4fb00e6d98cf4e0d5ec5071435b3610144
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Oct 30 17:49:03 2012 -0400

    * addconn: Added --noexport option that skips printing the "export" keyword

commit 291877272f018784b154df3232dd049b56c87d6c
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Oct 30 17:02:05 2012 -0400

    * moved programs/pluto/CHANGES to docs/CHANGES.freeswan.pluto

commit e58a8af2b8f14c06292f6f8ba3b899de6dd15747
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Oct 30 17:01:46 2012 -0400

    updated changes

commit 3e42799e43f0654bc018e6a051021cb33cf2b60c
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Oct 30 17:00:39 2012 -0400

    * testing: * Remove partial optionsfrom() test functions

commit 49d3906f7323487a48a508d78e525252158b521b
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Oct 30 16:58:24 2012 -0400

    * Remove optionsfrom() support
    
    This could be used to be able to put "sensitive" options into a temp file,
    then pass it using --optionsfrom /some/filename

commit fa8cd1a8cca4d54c652a52121e0324d70ab36f32
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Oct 30 14:46:52 2012 -0400

    testing: updated readme

commit 2a5785dfc2e76b2bc85f11eed4b7f50afa747ca3
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Oct 30 01:07:12 2012 -0400

    * updated changes

commit 6881a0d52dd4bcec59ccffc108b7ceee6466267d
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Oct 30 01:00:15 2012 -0400

    * addconn: mimic _plutoload, cleanup and fixup of functions
    
    addconn is used by _plutoload to load all the connections according
    to their auto= setting. While addconn has an "--addall" option to
    do so, this was not used because it wanted to load the conns in an
    order where first auto=route are all loaded (which could install %holds
    to block leaking traffic) before auto=start connections were loaded,
    which could cause delays.
    
    I changed the --addall option to mimic this behaviour. I also called
    the option --autoall to make it less confusing (it was not doing auto=add)
    
    _plutoload found out which were auto=route and which were auto=start
    by calling addconn --listadd and addconn --listroute. I added --listignore,
    --liststart. addconn used to abort when done with one option, now it
    continues so you can ask for --listadd --listroute to get both.
    
    I also found some undocumented options, which I documented. One of
    these, the --search option seemed completely broken. Nothing in the
    tree actually called addconn with the --search option, so I removed it.
    
    A systemd ipsec.service can now use PostExecaddconn --autoall and
    _plutoload can be removed from the call chain.

commit 23e559b246feb65ebc8c6ea247403afbc8db0a21
Merge: c35f942 61090ee
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 29 17:44:22 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
    
    Conflicts:
    	testing/libvirt/vm-libvirt.sh

commit c35f942565aae7003ab25b6a87e2377b4cc3f633
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 29 17:31:08 2012 -0400

    * testing: update of testing/libvirt scripts.

commit 61090eea5f62cf5bd4c070b8e3a5506395b5f2c1
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 29 14:42:17 2012 -0400

    * bump prerelease version to 3.0.0

commit 7ce8a8d2f07dc06829e99d65f416c62e5b6e67f2
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 29 14:41:46 2012 -0400

    * testing: group for VM needs to get numerical value of 'qemu'

commit 37ca04bd22c23ff318b2873aef1dcc8bea4d8240
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 29 12:59:54 2012 -0400

    * testing: Install KVM's to run under uid of user, not qemu
    
    This ensures all writes done by the KVM instances in the source
    tree have the same uid as the owner of the source tree.
    
    It still needs group qemu or else it cannot write to
    /var/lib/libvirt/qemu/vnmname.monitor

commit fdafee8605980debea29e0043a5c2de7acd22bea
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 29 00:16:26 2012 -0400

    updated changes

commit a83c2eccfb602200c5f8079476064630986766ef
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 29 00:10:22 2012 -0400

    * remove showpolicy from fipscheck list.

commit 7461272acc366fedabe837d083c7f0784e688dcb
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 29 00:08:02 2012 -0400

    updated changes

commit 68978220920ed878fc199c41ea71e14b90bf2ed2
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 29 00:07:43 2012 -0400

    * Removed unused libipsecpolicy code

commit 3f824b85e9523b32cca0f871c3872f17516437d0
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 23:58:41 2012 -0400

    * cleanup some Makefile cruft

commit 20f646a7db239b47351c071f7154b2f97ac10eae
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 23:39:52 2012 -0400

    * Remove "examples" target subdir from the Makefile

commit 49e69cd6627cf4d388f66acb8176c95f87b45d1d
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 23:37:34 2012 -0400

    * Remove half-baked "vendor" identifier that never worked
    
    It only caused lots of noise during build

commit c4fc86157fbfcbd3ee93c3149474697f36b7151a
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 23:31:39 2012 -0400

    * spec files do not need to deal with examples/* anymore.

commit 5a60eaf0686ad4bf775fb5c1aafe63f468e7684f
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 23:30:33 2012 -0400

    * rename files, they don't need .in processing

commit e6fec880fa6f1c1f49a7f7974d6ff71fed43052c
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 23:25:41 2012 -0400

    * rename some files/dirs
    
    programs/examples -> docs/examples
    programs/_confread -> programs/configs

commit bb1f9e9751a96fe95049b4965e78528201012b42
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 23:21:30 2012 -0400

    * regenerate ipsec.conf.5

commit 580392615938de05954e9f15f27a4dd9977b1596
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 15:05:04 2012 -0400

    updated changes

commit 036a9cc251b89f211a404bca91d4238599f4c570
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 15:04:17 2012 -0400

    * pluto: remove pluto=yes|no start option and manualconn remnants

commit e7c0faa291974e16adf53691564189d01708de09
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 14:58:07 2012 -0400

    * Removed obsoleted documentation README.conf.V2

commit 1c5038df49db35f808a52f0d320e218dea214abc
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 14:56:18 2012 -0400

    * pluto: plutowait= option removed
    
    This should be passed to addconn via /etc/sysconfig/addcon or
    /etc/default/addcon

commit a0fc4e9df23946e1bacf34996f1b2d54e58b96f5
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 14:46:34 2012 -0400

    * pluto: phased out prepluto= and postpluto= config setup options [Paul]
    
    Should be done via initscripts, systemd services, PreExec/PostExec, etc.

commit b9b90b963c8856e5ed20fa586357f16b8d3f874c
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 14:18:03 2012 -0400

    * pluto: phased out prepluto= and postpluto= config setup options
    
    These options predate sane init systems and should now be performed
    there. On Fedora/RHEL, use a separate systemd prepluto/postpluto
    service file or use a PreExec/PostExec option in the ipsec service.
    
    In general, support for uncommon pluto options should go into the
    files /etc/sysconfig/pluto on Fedora/RHEL and /etc/default/pluto on
    Debian/Ubuntu.

commit 1063947b1777e690312fd9c17ecd78bb3beb2c37
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun Oct 28 09:37:50 2012 +0200

    CHANGES formatting fixes

commit d2529ccde70ab12bd1a96628fef618cf840f7a65
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 02:19:08 2012 -0400

    * remove unused version variable

commit d04052e61e269930522f559cac2446ea34045029
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 02:18:17 2012 -0400

    * _startklips: fixup the syslog startup line.
    
    Also simplify detection of mast0/ipsec0 via /sys/ file instead of
    10 line inline awk script.

commit a2036d080a651083acd7ba0ece2b6f3517a3aa70
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 01:37:30 2012 -0400

    * readwriteconf: rootdir/rootdir2 variables could overflow
    
    There was an off by one error due to use of sizeof()

commit 17b4be190796a36fb7f26c74b9a889dc18c2a6bc
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 01:05:54 2012 -0400

    * removed unused pod2man perl hacking in Makefile.manpages

commit cac9c9a5c035105dcb0cf22d62d0795cf9b5c94b
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 00:57:03 2012 -0400

    Updated changes

commit 7d7baf7ddb57590ce113cfdcaea1ca28ae778de8
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 00:56:10 2012 -0400

    * mailkey: Removed obsolete command. Was already not built or installed

commit d4d90db4aff745464208bc519cd126f0d887fb2a
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 00:54:15 2012 -0400

    * policy: Removed broken 'ipsec policy' [Paul]
    
    It only supported mast, not klips or netkey. And even for mast it
    did not work in transport mode. And it was written in perl. It is
    not an "ipsec eroute" replacement we will ever develop or use.

commit 57af373a28e6efecb6eb108be97ba03b3746f298
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 00:41:47 2012 -0400

    * _include: Removed obsolete _include
    
    Its only remaining call was in ipsec barf, where it was used to dump
    the ipsec.conf and ipsec.secrets (filtered through a key censor)
    
    We now have readwriteconf that does that using our C parser for
    ipsec.conf (include file aware), so we use that.
    
    For the ipsec.secrets file, we don't have an alternative, as we don't
    currently have a readwritesecretconf type test that's run in "make check"
    like we do for the readwriteconf tests. So for now we use "cat". So
    we will miss the included secrets for now. But this is only a debug tool,
    so not very essential.

commit 512901108a9fc971d85d8414625bbeea64136292
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 00:36:12 2012 -0400

    * readwriteconf: was not being built and installed
    
    Also fixed to link against libunbound when using USE_DNSSEC

commit 0e7ceda3fd561edd3709d6e0bcb915279044983f
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 28 00:26:54 2012 -0400

    * remove cruft from programs/_confread/

commit 39651499350559b1ab5edbc72b81404ea4a1872f
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Oct 27 23:48:15 2012 -0400

    * remove obsoleted manual keying section

commit 965024c9a928e26096eec99cf9fcd2f6f4fb8688
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Oct 27 23:40:44 2012 -0400

    * Phased out "ipsec auto" usage in scripts
    
    Scripts now directly call the proper ipsec whack commands. Only
    humans call "ipsec auto".

commit ea732d460f0a39ed167ac12556be6390fbf489c7
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Oct 27 23:35:53 2012 -0400

    * verify: fix bad ipsec auto usage in comment old perl code

commit 61edc89f2ec97aa5fd20990b72435cc24018ea30
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Oct 27 23:19:51 2012 -0400

    * updated changes

commit 6a6daec90e1c0470be0f0876c7028e5566819a42
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Oct 27 23:15:45 2012 -0400

    * scripts: phased out /var/run/pluto/ipsec.info
    
    This information is now obtained in the scripts directly. A lot of
    this usage will probably get phased out when _plutorun/_plutoload will
    be removed. This still needs testing when used with point-to-point
    interfaces.
    
    It seems this information is mostly used for ipsec tncfg to bind
    the physical interface to the virtual interface, and to give
    the default source ip and nexthop to addconn, which will feed this
    into pluto. The new pluto should probably just not care, and pick
    whatever is the default IP and nexthop, but that needs some more
    careful thinking (with DHR)

commit f98f20affa7145c236f363f78f087c4e04be7ac5
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Oct 27 19:59:12 2012 -0400

    updated changes

commit 3066d1320bf57d2f7075596f618f09e692064ef9
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Oct 27 19:57:55 2012 -0400

    * showdefaults: removed ipsec showdefaults
    
    showdefaults is simply outputting /var/run/ipsec/ipsec.info,
    which we are phasing out altogether.

commit 7b3406d2b0d94f00207dc9bb5ef6bbba296f1ac4
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Oct 27 19:07:10 2012 -0400

    * in skeyid_preshared(), buf1 and buf2 were not properly sized
    
    Avesh had properly doubled their size - I had somehow missed that
    in my merge.

commit c85f11a80e17e8e23ed6c4dde1a2b2275c970bf8
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Oct 27 18:37:47 2012 -0400

    * XAUTH: re-enable xauth_calcbaseauth() for now.
    
    Also, don't hit bad_case() and thus crash when receiving an unknown
    XAUTH TYPE, instead, just return NULL from refine_connection() after
    logging the unsupported case.

commit edb9f79403ee14e466b805db847714eba2f24fbf
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Oct 27 18:36:48 2012 -0400

    * comment added regarding xauth_calcbaseauth()
    
    I feel this is a candidate to phase out. We should write out the real
    states in the switch case, so we can do appropriate special handling,
    instead of mapping this away.

commit 375afe0a4072f7669a1a937d6a721990809eb653
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Oct 27 17:58:10 2012 -0400

    * fix building in mock
    
    - hostname was not in the build root
    - we need to exclude the softlink setup from fipshmac calculation

commit 7bc5adce6c18f810beb0f13e6e6158e249d18be5
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Oct 27 15:37:28 2012 -0400

    * CHANGES: add pointer to docs/CHANGES.openswan

commit 49cf335c5fc533f8caf1df4804603cf249f1873b
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Oct 27 15:35:48 2012 -0400

    * cleanup libreswan.spec
    
    We do not need manual requires for curl or openldap. (we don't even
    need curl, just libcurl, which is found by rpmbuild)

commit 6505ba1bdf9c20d078dde145bcbb3554be862d92
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Oct 27 15:29:14 2012 -0400

    * Updated, re-ordered, rewrite the CHANGES file.

commit c9a459d89d6f5d6263422eefd945aa274688619d
Author: Team Libreswan <info at libreswan.org>
Date:   Sat Oct 27 15:26:52 2012 -0400

    * Added TRADEMARK file placeholder

commit 9a6d93e139b25efce9664e194cdf963cb0ccc30c
Author: Paul Wouters <paul at nohats.ca>
Date:   Fri Oct 26 13:31:18 2012 -0400

    * Always include CAP_AUDIT_CONTROL - we need it for other things too
    
    Specifically, we need to log key agreement and destruction via the
    audit log, see issue #1405

commit 87d900f31ea724c6162f8ad90d98962c5281e801
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Thu Oct 25 21:40:42 2012 +0200

    crlcheckinterval seen as a number - Final fix

commit e5fdcd10413aafa921c8fb61b3276148e065dddf
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Thu Oct 25 17:54:41 2012 +0200

    specify expected syntax for crlcheckinterval

commit d72ac60f8a3d140bf185b99ce2486924b28d7f53
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Thu Oct 25 17:27:53 2012 +0200

    fetch.c ldap (untested) awaiting for a HOW-TO on CRL fetching

commit 4d208f30dbe854bab8864f27dac8862a1ca3402d
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Thu Oct 25 17:25:21 2012 +0200

    fetch.c ldap (untested) awaiting for a HOW-TO on CRL fetching

commit a2e1d817ef234561177e3bf9675b716ea9acdfe6
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Thu Oct 25 12:00:25 2012 +0200

    Added CAP_AUDIT_CONTROL capability to pluto if XAUTH_HAVE_PAM

commit df4eb7d587bb5e62f1faf7f2f1c2ebb3d9ef810f
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Thu Oct 25 07:53:59 2012 +0200

    Correctly dealing with ipsec.secrets

commit 9299a4b457bfff399d5a8855fc49fb4098eb59ac
Merge: 51d5eb4 24354c1
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Oct 24 22:19:53 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 51d5eb41aab3efed73f5344ccd77f6f1a25c80d7
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Oct 24 20:17:19 2012 -0400

    * testing: basic-pluto-05 fixup

commit e1ded44882a004fe491eacfea0bdbcf6bb0d95ad
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Oct 24 20:15:48 2012 -0400

    * testing: fixup basic-pluto-04 (untested)

commit 10e353869c0fc51a3315bb0e84fd56889f8936bb
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Oct 24 20:12:58 2012 -0400

    * testing: fixup basic-pluto-03 (untested, it uses north and NAT)

commit 8a11ebda9efca24e7add9d66c14f5f46fb64e384
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Oct 24 20:07:25 2012 -0400

    * testing: fixup of basic-pluto-02 but testcase is broken
    
    It is missing west.conf and east.conf, so we need to look at a
    much older tree to see what happened.

commit 5635206e70bd871b80516caed9adf945c0ad3452
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Oct 24 20:04:40 2012 -0400

    * testing: fixup of basic-pluto-01

commit 32b1eeacef7b0dc938afa00ffa69d29a6d4dabf3
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Oct 24 19:55:16 2012 -0400

    * testing: fixup ikev2-* and interop-ikev2-* tests for echo "initdone"

commit 339f2076ed15b73abac1b7bd7312c40307d65249
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Oct 24 19:51:47 2012 -0400

    * testing: install ipsec-tools package for interop tests

commit a4af8ad4960b28b0c83ead567b3d6a31843b1ef0
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Oct 24 19:42:52 2012 -0400

    * testing: move wait-until-network-ready from individual tests to *local.sh

commit 2872134b08720eb6327a340bc0fd6afcb6077ba6
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Oct 24 19:36:46 2012 -0400

    * testing: remove manual calls that got moved to *local.sh

commit bfc98ca2eeef347774da86ecbfd32fd2c23aec70
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Oct 24 19:33:20 2012 -0400

    * testing: move some often used *init.sh parts into *local.sh
    
    Mostly clear old firewall rules, sysctl.conf calls, ipsec stopping
    when running, and creating the pluto.log softlink.

commit 0c1e43596c39531955bcaf0b9b604b0e9be2122b
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Oct 24 19:23:24 2012 -0400

    * testing: reset firewall rules and stop pluto if running in *local.sh

commit 3801977685ba8ef730a89287300b3542ca73dbeb
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Oct 24 19:16:16 2012 -0400

    * testing: In swaninit, if a pluto is running, run ipsec setup stop

commit 183f834cc5e29cffe9c73c60390b93c22e38aaa0
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Oct 24 18:48:15 2012 -0400

    * testing: Add nat_traversal=yes and proper virtual_private lines for east/west

commit 9eab002adfc916f1397f0171ffd7bd7f54e5be16
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Oct 24 18:27:59 2012 -0400

    * testing: fixup test case ikev2-09-rw-rsa
    
    It used %any on both sides, instead of %defaultroute on one.
    It also used the old rsa keys instead of the nss based ones.

commit 24354c17698d08cc27a4e8ed7d520693c1b53517
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Tue Oct 23 19:14:07 2012 +0200

    documented correct syntax for crlcheckinterval

commit f3620ca7116c22a1d3c97c488e2d053fa9515be1
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Tue Oct 23 16:07:48 2012 +0200

    ipsec auto --listxxxx and ipsec auto --rereadxxx were not working after ocspcerts

commit b36cc0bda8d51adbd7f1dbf3560e5752d8231439
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 22 23:27:32 2012 -0400

    * testing: Fixup of a bunch of IKEv2 tests to use KVM subsystem
    
    Also introduced pluto/bin/wait-until-network-ready which waits until
    we have a default route.
    
    Not all changed tests are successful yet. 6msg and biddown are
    unexpectedly failing. rw test needs config change. X509 certs have
    not been redone yet.

commit 11f5a439660daf8ba6e925319b3a5cfadfb1c7b2
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 22 20:03:48 2012 -0400

    * testing: copy ssh keys in guests

commit e683927ea4fd2428b8f6408f929b1cac28bef95d
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 22 20:02:50 2012 -0400

    * Fix file installed in /etc/profile.d/swanpath.sh
    
    This ensures all swan<tab> commands are in our path

commit 62e6e92ed8e35ee6655adae90e04b127ce32bcf6
Merge: d4b7d05 58c99f0
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 22 18:56:04 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit d4b7d05ba0d078032c546bafc1b353436de52232
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 22 18:53:59 2012 -0400

    * testing: Add ssh keys and authorized_keys for testing VMs
    
    This installs the same ssh host key for east, west, north, road, etc.
    Otherwise, developers keep having to edit their knownhosts files on
    re-installing the test VM's
    
    We also install authorized_keys of Antony, Tuomo and Paul so they
    can login to these systems without passwords. These test VMs
    configure themselves on non-routable IP space, so they should never
    be exposed to the world.

commit 699aa9272c3474c1a3c764514ebb043a903ef605
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 22 18:53:46 2012 -0400

    * testing: compile and install userland and klips in kickstart %post

commit 021a0f46c392e4af9b6942aba72a80441dd199cf
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 22 18:48:46 2012 -0400

    * change ft_mbz to ft_zig
    
    This was a pending change after talking to both dhr and Avesh.
    
    We now continue and ignore all receiving bits that should be zero
    but are not in in_struct()
    
    In out_struct(), code was already in place to zeroize what we believe
    must be zero for our outgoing packets.
    
    This makes us liberal in what to receive, and strict in what we send.
    It also removes having two different "zeroish" fields of ft_mbz/ft_zig,
    as our payload definitions are used symmetrically, so the distinction
    was a little weird.

commit ab3fb39075a8904484692db5e10902467d6e0317
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 22 17:39:03 2012 -0400

    * update vendorids with known GSS API vendorids

commit 58c99f05cff139d264c8b1703c7c38c10bdab417
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Mon Oct 22 21:53:38 2012 +0200

    Lacking @ in @[GroupName]

commit c69b26e4ad6d32edf231da960bbf6765febbf45e
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Mon Oct 22 21:53:13 2012 +0200

    Lacking @ in @[GroupName]

commit a1962c7995e56338c378061e389ccff28fd0e6aa
Merge: d586d3b 3f74442
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 22 10:42:17 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit d586d3b71cca7016ad2181718933cc0fc9351600
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 22 10:41:12 2012 -0400

    * man: Add entry to man page about leftid=[groupname] using ID_KEY_ID
    
    Thanks to Philippe for spotting this.

commit 3f744428faac56db86c310da4349bb12f3878e35
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date:   Mon Oct 22 15:30:46 2012 +0200

    Fixes to XAUTH TYPE

commit e65ce1aebf9638cc86a918adad62e1326f526909
Merge: 2333a8b 13c91da
Author: Paul Wouters <paul at nohats.ca>
Date:   Sun Oct 21 18:42:42 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 2333a8bf62d0341ffc9c660db50e17478e02693e
Author: Paul Wouters <paul at nohats.ca>
Date:   Sun Oct 21 18:41:46 2012 -0400

    * testing: gathered data for iOS/OSX racoon "cisco ipsec"

commit 13c91da3451627dedece5bef8c47b56d0e71d45b
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Oct 20 18:30:30 2012 -0400

    * testing: use sudo for 'dd' command

commit 5c66818ca8670e4a95ef0e53de95ff81e213c373
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Oct 20 17:15:20 2012 -0400

    * testing: disabled baseconfigs/net.japan.sh
    
    It conflicts with the configuration of 'road' and road is used in
    35 tests and japan in one plutotest (and some co-terminal tests)

commit c799b900e336ab3e8c456e33595be632bec6c304
Author: Paul Wouters <paul at nohats.ca>
Date:   Sat Oct 20 17:04:54 2012 -0400

    * testing: fixup fedora reference in ubuntu.sh

commit dcc607530a77ff5124e3c6d4d8c90a5036b8b590
Author: Paul Wouters <paul at nohats.ca>
Date:   Sat Oct 20 16:55:56 2012 -0400

    * testing: added swan03 network, north and road VM creation

commit fa7f28277f332b48d4ad789f7fdc23876cbeb4f4
Author: Paul Wouters <paul at nohats.ca>
Date:   Sat Oct 20 16:54:29 2012 -0400

    * testing: fedora.sh / ubuntu.sh update
    
    - create the meta disk image using dd, as my virt-manager now aborts
      on not having a file for its --disk argument (instead of creating
      it like it did in the past)
    
    - fixup ubuntu.sh to run on hardware without intel/and VT instructions

commit 63d83df1be1f3f071f724d6d83f4522fd2d9a1df
Author: Antony Antony <appu at phenome.org>
Date:   Fri Oct 19 09:25:25 2012 -0400

    fix a typo in westinit.sh and run testparms.sh from python

commit 68639aa06bcb72ebb062c9598d04cf4721baeecc
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Oct 13 12:08:41 2012 -0400

    update changes

commit 423adde517147be1000fd8cbe7a10aa1547d3151
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Oct 13 12:07:05 2012 -0400

    * aggressive mode: also allow ISAKMP_NEXT_CR ISAKMP_NEXT_CERT as payloads

commit f105367def10cd7bb27b2140ab2a273daae43f6a
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Oct 12 17:15:57 2012 -0400

    updated changes

commit 4376c98dcc1a14708e6816e03e0b83e50bce91dd
Author: Philippe Vouters <philippe.vouters at laposte.net>
Date:   Fri Oct 12 17:14:46 2012 -0400

    * Add support for Mutual RSA + XAuth (implies aggressive mode)
    
        Confirmed interop with Shrew Soft IPsec client.
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit 497d6c6e1d4efe2d0cdfc7936d0d277d7224fbea
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Oct 12 00:07:58 2012 -0400

    updated changes

commit bcbdc459485b6cfae8851ed921bfd33016260c9d
Author: Philippe Vouters <philippe.vouters at laposte.net>
Date:   Fri Oct 12 00:03:17 2012 -0400

    * IKEv1: aggressive mode sometimes picked wrong RSA/PSK connection
    
    This caused some connections to never be honored by refine_connection.
    
    Also I corrected some warnings in connections.c.
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit f6d238933f62cf09f5b361176555bdb8a34643b9
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Oct 10 09:59:14 2012 -0400

    updated changes

commit 6b1af7f4ad51bcc3255c81d168679bba518a0a0e
Author: Philippe Vouters <philippe.vouters at laposte.net>
Date:   Wed Oct 10 09:57:30 2012 -0400

    * bug #993 ipsec showhostkey: wrong kind of key PPK_XAUTH in show_confkey
    
    Skip non-RSA keys when using ipsec showhostkey.
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit a287d8806d74675c3f9500274b05d03ff17a4c97
Merge: 495bb0b 355e977
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Oct 9 20:26:18 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
    
    Conflicts:
    	programs/pluto/vendor.c

commit 495bb0bd72ece7b69c3519d4cefd9e147670bd2f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Oct 9 20:24:52 2012 -0400

    * NATT: simply logging of older nat-t draft proposals

commit 355e977556341840a092ee370624e66c679464df
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Oct 9 18:38:24 2012 -0400

    * NAT-T: Fix all broken logging of NAT-T methods / vendor ids
    
    We now always display the method name (which is not the VID name)
    and never a number. It used to try and lookup the vendorid name
    against the vendormethod, and hence it failed to display text.
    
    I changed things to use a proper enum_name. However, due to the LELEM
    use of the method stored in st_nat_traversal, displaying the proper
    method there was rather convoluted. But I refrained from splitting
    st_nat_traversal into two variables (one for current received preferred
    natt vid and one for the natt status detection (us, them or both NATed))

commit e53308b4e439a5712c896b2dbe09d5f5870c33d4
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Oct 9 02:14:51 2012 -0400

    * pluto: SWIND vendorid stands for Sidewinder

commit 610db02be75d276f89469949dce39fdc147e1b33
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Oct 9 02:00:12 2012 -0400

    * pluto: don't change NATT vendor id string
    
    This string is not for human consumption

commit ab387439c57e1c90e0fdd78c88b38ed029aa2b3b
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Oct 9 01:52:23 2012 -0400

    * pluto: add vendorid draft-ietf-ipsec-nat-t-ike-01
    
    Shrew Soft client actually sends this vendorid

commit f2e47254e636dc98333f27960fca672e387bd87a
Merge: 42d5d58 63f442e
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Oct 9 01:44:52 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 42d5d58d48795c214cbe856c6a3a90183b7e2ec6
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Oct 9 01:43:51 2012 -0400

    * pluto: Added logging for more vendor id's (Shrew Soft client, etc)
    
    Added netscreen ones and a few others that were mentioned as comments
    but not in code.

commit 63f442e561ae1d66c3e3a32e2c806258259692ff
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Oct 8 16:07:39 2012 -0400

    updated changes

commit caf8f7925896182d40c69f139901711dfd1916ad
Merge: 1aae75d 545e2c2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Oct 8 16:07:16 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 1aae75d77b8e80dd257264199a449e1a16bb0c29
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Oct 8 16:06:43 2012 -0400

    * OSX: Set __APPLE_USE_RFC_3542 required for udpfromto functionality

commit 545e2c236ffdb356194b70a38107450953ca15fe
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 7 21:47:02 2012 -0400

    * xauth: added some xauth attributes we don't support

commit 0d438f4351ee3bc0e23fd85e8dd289198317c92a
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 7 17:30:47 2012 -0400

    * XAUTH: Fix misleading warning message on unknown XAUTH parameters

commit e54000b6f51562a42321004eea8a446ee78c120b
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 7 16:52:04 2012 -0400

    * testing: add xauthby=file to all xauth test cases
    
    All existing testcases used password file for authentication. New
    testcases for xauthby=pam using system auth, ldap and ldap via Windows
    are being added.

commit 8ec6be62525935eaf46af5769aaa970d79def198
Merge: ce043b2 d6a9295
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Oct 7 16:42:36 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit d6a9295866add5b688b18736b0f1f2202786f078
Merge: f8fa89c f77bd48
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Oct 7 13:53:58 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit f8fa89c25e9b2605a6c9dcf415ca895a405bf329
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Oct 7 13:52:17 2012 -0400

    * xauth: sync up with Philippe's changes for xauth.c

commit f77bd484ad68f11f46ae1f46a938c121ad0b5837
Author: Antony Antony <appu at phenome.org>
Date:   Sat Oct 6 18:26:41 2012 -0400

    * testing: make scripts executable in ikev2-10-basic-rawrsa-nss

commit ae687758469455e6dfdaf15013f414ee75144e1f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Oct 6 18:24:15 2012 -0400

    * testing: change test #10 to use conn westnet-eastnet-ikev2 as well

commit 50b32efd73dcbcb1bf92764abe14fc1f65a4516d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Oct 6 18:17:27 2012 -0400

    * testing: fix include west-east-base-id-rsa -> west-east-base-id-nss

commit 30ad2249220b309a988ded8a075267c299e48311
Author: Antony Antony <appu at phenome.org>
Date:   Sat Oct 6 17:43:16 2012 -0400

    * testing: Regeneration of west/east NSS raw RSA keys.

commit ce043b2617281d9d819576a0279859cb3e3ad650
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Oct 6 16:07:30 2012 -0400

    * xauth: I missed a line in Philippe's patch

commit f9ab9c55c5501130472c811c80205abb3d58d909
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Oct 6 16:06:26 2012 -0400

    * xauth: Patch by Philippe to move Andrej's xauth check.

commit 8d814c70c6506421b253bdf9393a79fb0c0c073a
Author: Philippe Vouters <philippe.vouters at laposte.net>
Date:   Sat Oct 6 12:32:18 2012 -0400

    * update to make distclean target
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit 3e31c1a33b34e1a60403f76d200e657e9653b820
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Oct 6 12:18:49 2012 -0400

    * server.c warning: zero-length gnu_printf format string [-Wformat-zero-length]

commit fab5992efb1bb5f16e440e82bc3b0b2d99f7f458
Author: Philippe Vouters <philippe.vouters at laposte.net>
Date:   Sat Oct 6 12:17:15 2012 -0400

    * DNSSEC: conread.c needs to set empty dnsctx when USE_DNSSEC=false
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit 14cfbffe2e74d129c96f4cc451521e05beff42f6
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Oct 5 17:32:32 2012 -0400

    * packaging: add pam-devel support using USE_XAUTHPAM
    
    also remove HAVE_THREADS

commit 1451fbf3e6afdc62197da319dcd6e4c53e2a7e47
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Oct 5 15:17:56 2012 -0400

    * threads/pam: sync up to latest version of Philippe Vouters' patch

commit 66f65c6e1257d7b7e8e0f7c676cf663c61df5af5
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Oct 4 22:50:10 2012 -0400

    * testing: swaninit was not setting testname properly

commit cf97dbe92d5f09b81988d182d951ca4022608789
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Oct 4 22:48:20 2012 -0400

    * testing: regenerated NSS configs for east and west
    
    We were missing the CKAIDs from ipsec.secrets and the files no longer
    existed. West was generated without SQL, east was generated with SQL

commit 8b4f2310157eb278c1f58b11d478704ff1a293cb
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Oct 4 08:54:45 2012 -0400

    updated changes

commit 31fd41caf5f69f71b640cf19cb768cb758b7d81e
Author: Andrey Alexandrenko <aalexandrenko at telco-tech.de>
Date:   Thu Oct 4 08:53:36 2012 -0400

    * DPD: reduce flood of DPD messages when receiving unexpected seqno
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit cfb827e204fa30cdf613e2d49ff1926aacfb3877
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Oct 3 23:50:40 2012 -0400

    * docs: fixup docs/XAUTH.README

commit d794333a6e1d8ee8a99401dcdc9a88aa991eb18c
Merge: e113d77 77c49de
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Oct 2 20:46:45 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit e113d77f37bd7ef14f475c9f9fe2d748cab07f61
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Oct 2 20:46:12 2012 -0400

    * testing: restore ikev2-10-basic-rawrsa-nss for now.

commit 77c49dec9854fcab2512b5d7d4448ac9a79b3d83
Author: Antony Antony <appu at phenome.org>
Date:   Tue Oct 2 17:25:35 2012 -0400

    splitting boot console and rest ikev2-09-rw-rsa is not good yet

commit 37307c25c3881422ca1574412befc706c5dcfcfc
Author: Antony Antony <appu at phenome.org>
Date:   Tue Oct 2 17:00:08 2012 -0400

    rename runvm.py  to runkvm.py

commit cb1f63a3c8d4fdc7b421aaf6d62e86c990b41d68
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Oct 2 00:24:00 2012 -0400

    * starterwhack: suppress loopback/labeled ipsec message in addconn
    
    Only log it with DEBUG, not INFO

commit 80cc84a31e833a4ec4f5e3cea9b9c2dcb9e9a925
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 1 23:23:50 2012 -0400

    * _plutorun: iIPSEC_CONFDIR check for /etc/ipsec.d/ override was broken
    
    It always passed --ipsecdir /etc/ipsec.d, even when no IPSEC_CONFDDIR
    was passed. Because it always set this option, it would not look for
    ipsec.d within IPSEC_CONFS as prefix. This was causing the test cases
    to fail as the NSS files are in ipsec.d, and it looked in /etc/ipsec.d
    instead of in /tmp/TESTNAME/ipsec.d
    
    (note also the double D in IPSEC_CONFDDIR - a little misleading, but I
    left it unchanged so as not to break other people's setup)

commit 24e99cede87e4996964bc0f685ce005cee3ae594
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 1 21:50:04 2012 -0400

    * testing: added swan-build, swan-install, swan-update
    
    Can be run within the guest to build, install or build+install.
    
    You only need to run swan-update on one VM, then you can just do
    swan-install on all others. It will then recompile and install
    the versions based on the git hostfs mounted in the VMs.
    
    (if you lack a package, dhclient eth3, and umount /etc/resolv.conf,
     then yum install xxxx and reboot)

commit 586870fa279f317123f8ac3906f8ce649b514d97
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 1 21:22:26 2012 -0400

    * testing: Instead of "virsh reset", use "virsh destroy" + "virsh start"
    
    This will also work if the VMs have not been manually started yet.

commit e59b6c6e510365f658c4fd4f6320a3fefb902442
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 1 21:22:05 2012 -0400

    * testing: don't error when directory already exists in mkdir

commit 755ffffa4e8b88374960a3a3d8a5ae8aeef20d00
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 1 21:13:24 2012 -0400

    * testing: remove "27" prefix for output files

commit f544118ae52a6adada77497aee2d0f7223b2ca07
Merge: ea6bb5c c61ae45
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 1 21:08:23 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
    
    Conflicts:
    	testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common

commit ea6bb5c8df9c9197c6daeabd021433da3fcc84d6
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 1 21:07:20 2012 -0400

    * testing: changes to west-east-base-id (split in rsa/psk)

commit c61ae4523157596f97fe37068ff248ccba427aeb
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Oct 1 19:12:04 2012 -0400

    * testing: Updates to ipsec.conf.common - converted IKEv2 tests to NSS

commit 226083ab6c02061f4bb64357822bea943f6139f1
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Oct 1 18:54:42 2012 -0400

    * testing: fixup ikev2-09-rw-psk

commit 761c2f38591fb5e1e9e653eaae15244d3c50c7bc
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Oct 1 17:56:09 2012 -0400

    * threads: rename remaining HAVE_THREADS_* entries to THREADS_*

commit beb89755fe982797deaef6051d9591e561c8999d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Oct 1 17:48:32 2012 -0400

    * xauth: sync up with Philippe Vouters' xauth changes.

commit f2567073a13e69fc8cef5bd821eb65b71942bec6
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Sep 29 21:22:11 2012 -0400

    * XAUTH//PAM: Change of XAUTH_USEPAM -> XAUTH_HAVE_PAM and threads update
    
    This is the second part of Philippe Vouters' thread/system pam update.
    
    Additionally, I changed XAUTH_USEPAM to XAUTH_HAVE_PAM, as compiling
    support in does not necessarily mean it is used, because we now
    have the xauthby= option that determines if it is used or not.

commit eae378bb5aa043f2f9eeb67519007a8b17ec5d1f
Author: Philippe Vouters <philippe.vouters at laposte.net>
Date:   Fri Sep 28 13:43:35 2012 -0400

    * XAUTH: Add support for xauthby=<file|pam>
    
    It defaults to file using /etc/ipsec.d/passwd.
    Note that file lookups now also use a thread so pluto does not block
    if the file resides on a network storage device.
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit da9e5d566eb5c6cb76f1d5bb7bd6dbf4ce2dff93
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 28 13:42:24 2012 -0400

    * comment out the pam install - it needs to get moved and support DESTDIR

commit 977b3a47a8054546cf96006f0bd07bfa7b3aa86f
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 28 13:40:48 2012 -0400

    * ipsec.conf man page update for xauthby=

commit a93fed22a752dea82ec751c6359797d4e3b02a66
Author: Philippe Vouters <philippe.vouters at laposte.net>
Date:   Fri Sep 28 12:49:08 2012 -0400

    * Add clarifying braces in pack_str()

commit 0f71a2285eb5255b6ac1f11f128f88f6e39066cd
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 28 12:38:27 2012 -0400

    * updated changes

commit ddb7d137606940df0bd6025ff814a926846db9a1
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 28 12:37:04 2012 -0400

    * PAM: Move pam config out of contrib, and install in 'make install'

commit e205e66d1c9b4baa1a4ab026c49eebd7893b9b5a
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 28 12:22:45 2012 -0400

    * updated changes

commit 5669e634d2cc6a817a2c9123283bb1a25311dd2f
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 28 12:18:58 2012 -0400

    * Remove unused OCSP code
    
    We never compiled it in. It was unmaintained and untested. It should
    be done using NSS if we want to re-add support for it.

commit b5b0906576389e8b6d4593590b450e5cf361ba02
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 28 11:49:34 2012 -0400

    * XAUTH/X509 locking issues reworked
    
    There are several problems with the locking code being partially
    bypassed, and the crl fetch function being compiled into an empty
    function. See bugs #1390, #1391, #1392.
    
    This patch changes the HAVE_THREADS define, which was misleading
    because threads are depended upon in all cases for the crypto
    helpers. Instead, it really referred to CRL/LDAP fetching, and
    XAUTHPAM code. So most of the defines got renamed to signify that.
    This exposed some problems with the HAVE_THREADS define not being
    exposed in all factored out libraries in lib/
    
    The check_crls() function now never compiles into an empty stub. The
    function is either defined when CRL fetching is enabled, or it is not
    defined. It also had to be moved for this.
    
    The CRL/LDAP fetching code was refactored into segments and ended up
    residing in programs/pluto/x509*, programs/pluto/fetch.c and
    lib/lib*swan/x509*. However, some of this code used a global
    variable inside programs/pluto/x509.c, so this refactoring never
    worked (and only compiled because the HAVE_THREADS define was lost
    when compiling the moved code into lib/lib*swan/x509*c resulting in
    empty stubs or skipped segments)
    
    Note that HAVE_OCSP is never set (it was removed from Makefile.inc
    a long time ago), so any code using this ifdef is never used. I will
    remove that code (it also should be done using NSS)

commit bf929f56944ffe7c3a7307af4c473d85d2a8afae
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Sep 27 22:15:54 2012 -0400

    * avoid warning: zero-length gnu_printf format string [-Wformat-zero-length]
    
    Added the space back in.

commit 3a04bdfa8a66e5c654253d6908b85fabec59bb0a
Merge: 8b682a3 05ddd45
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Sep 27 18:49:45 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 8b682a35518af0ecd474f45acbf20aeb97edde6d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Sep 27 18:49:04 2012 -0400

    * debug: when do_command() fails, log it instead of silently ignoring it

commit 05ddd45b40a92603066f91eb76ba5a4ef8fe038d
Merge: 5c9d247 fc69590
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Sep 25 22:40:38 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 5c9d2470f201390d337189c4532f879c4aff62d5
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Sep 25 22:39:23 2012 -0400

    * testing: display password in /etc/issue

commit fc695905f87966fd9c83afc2ace22fce870d4bdb
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Sep 25 19:48:59 2012 -0400

    * testing: Allow to run virt-install without hardware vm instructions too

commit 6b0ea7d794e73ad728684dff68659a671e4ff94e
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Sep 25 18:16:10 2012 -0400

    * add ip l2tp to the barf output

commit 1fb99827eda6d464c9ec88c78ff20a30651f0e1c
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Sep 24 11:42:13 2012 -0400

    * labeled ipsec: linking fix
    
    Don't use security_selinux.c when not using HAVE_LABELED_IPSEC

commit 2b9328d5155ac37646b3119fc3979a5aa16d1220
Merge: 725040a 3d54d1e
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Sep 24 10:47:47 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 725040adff9f6081c36d5f6f9ea21d0fb38a319f
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Sep 24 10:45:48 2012 -0400

    * whack: fix handling --sha2_truncbug and --nm_configured options
    
    these options are passed without arguments (adding the argument means
    on, leaving them out means off), but the attempted to strcmp() and
    optarg, which was NULL.
    
    Reported by Andrey Alexandrenko <aalexandrenko at telco-tech.de>

commit 3d54d1e1ae9e7eddab1b2d65a952d04383327035
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 23 22:33:30 2012 -0400

    * testing: add pam headers to fedora/ubuntu kick start files

commit 8d8d4ad83164e293d83132359cd9b738b0514ef8
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 23 22:15:57 2012 -0400

    sync up Makefile.inc to use our existing OSDEP

commit efdb481f3ab49708a6cee88c2b25ff60b26a3133
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 23 21:54:55 2012 -0400

    * Limit XAUTHPAM to systems known to have it (Linux, BSD, Solaris)

commit 8b240e8a12368af6c230b3d907efa56c25211786
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 23 21:31:52 2012 -0400

    * testing: added route6-eth1 for east and west

commit 0219a094775b40e60412c88eaa47e1211e823304
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 23 21:22:13 2012 -0400

    * log.c was also using BLANK_FORMAT

commit 49d6bbd0382474807425606ffdee88b26db55ba2
Merge: d0be483 fded525
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 23 21:09:51 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit d0be483347cd203463ee6db04c3f6a953861c5ad
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 23 21:09:30 2012 -0400

    * Removed BLANK_FORMAT which was set conditionally based on GCC_LINT
    
    Apparently this was some compiler bug - seems to work now, so removed

commit 06d3ec7b5efb386ed622a8e4e5ebd4ac88abbb01
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 23 20:53:37 2012 -0400

    * packaging: fix GCC_LINT handling in libreswan.spec

commit ae06d6daf687faa9dff1956da93f58966bd55a97
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 23 20:17:39 2012 -0400

    * Remove unused argument from find_state_ikev1() / find_state_ikev1_loopback()

commit fa35ac950d6a75065ed5c29988124ec06efb9c00
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 23 20:11:08 2012 -0400

    * Makefile.inc: enable some features while we're not releasing anyway
    
    This enables some of the features already enabled in fedora/rhel/ubuntu/debian
    builds. (xauthpam, libcap_ng, labeled_ipsec, ldap, threads)
    
    (note: the goal is to phase out threads use for xauthpam)

commit 9c794518bb5d43e31634ecff488d336111ff0ac6
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 23 19:48:05 2012 -0400

    * OE: next_step was not always defined in error cases
    
    Compiler warned us about next_step possibly being unused. So in
    error cases, where we're aborting, set next_stop = fos_done

commit 3b5a67544a2f5f31045d4d18d03f77061d44e328
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 23 19:40:00 2012 -0400

    * remove unused connection c in delete_end()

commit 6ef3f81759f288788da5c20bac601a1b3d23fdd0
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 23 19:38:31 2012 -0400

    * initialise auth_policy to NULL to avoid "may be used uninitialized"

commit 06c2a317f87e05d26487eec5b51df17bb6a144f4
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 23 19:36:26 2012 -0400

    * remove unused variable num for show_one_sr()

commit 04f9b2400154368a1bd9c8ef21e646fcc6cc1b11
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 23 19:33:19 2012 -0400

    * remove unused parameters for delete_end()

commit fded525e649bfda445bef6d8b7406071c0430106
Merge: 36e87fb c34ad28
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Sep 20 18:29:38 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 36e87fb38a3d82301f40004986c4e41303e8e462
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Sep 20 18:28:53 2012 -0400

    * testing: changed ipsec look to not need to know location of ipsec.conf

commit c34ad28e6f805195c7482b6cbbda4ce082c2d3e1
Author: Antony Antony <appu at phenome.org>
Date:   Thu Sep 20 16:57:42 2012 -0400

    fixing tests
    paul's cleanup to runvm.py

commit e79cccae9744ed5f669131e16bce40c6095b450f
Author: Paul Wouters <paul at nohats.ca>
Date:   Thu Sep 20 16:28:54 2012 -0400

    * testing: fix westnet/eastnet (they were renamed with -ipv4 suffix)

commit abdc41aa04d8a8af06d5773042fb37482b022769
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Sep 20 11:13:27 2012 +0300

    update CHANGES for #1384

commit 62dd271440ccf834f6db596cb61a7ed839031b7a
Author: Bram <bram-bcrafjna-erqzvar at spam.wizbit.be>
Date:   Thu Sep 20 10:56:10 2012 +0300

    Fix for bug#1384: confusing output from ipsec auto --status
    
    This is improved version of commit ce490e408d7f74df8a487cb6059e30d031115bcc
    adding info about vhost or vnet config into status output of template.
    
    * auto: fix --status output for vnet/vhost case
    
    For rightsubnet=vnet/vhost it would display the right= instead of
    "?". Patch by Ani
    
    Signed-off-by: Tuomo Soini <tis at foobar.fi>

commit 259daf746b97eed44a0c9ac7e7a166a8f9e85976
Author: Paul Wouters <paul at nohats.ca>
Date:   Wed Sep 19 23:01:10 2012 -0400

    update changes

commit ce490e408d7f74df8a487cb6059e30d031115bcc
Author: Paul Wouters <paul at nohats.ca>
Date:   Wed Sep 19 22:59:13 2012 -0400

    * auto: fix --status output for vnet/vhost case
    
    For rightsubnet=vnet/vhost it would display the right= instead of
    "?". Patch by Ani

commit e0dc171ef3ce3adb2a3f86df01a9b428bef7b6b3
Author: Antony Antony <appu at phenome.org>
Date:   Wed Sep 19 19:53:45 2012 -0400

    Squashed commit of the following:
    
    commit 7044d0f613c2b1a54ccfb52bf87f98e47be31483
    Author: Antony Antony <appu at phenome.org>
    Date:   Wed Sep 19 19:45:43 2012 -0400
    
        use searchwindowsize in python
    
    commit 940f3d292d01c0efd4737b669634d1ea4c55c566
    Author: Antony Antony <appu at phenome.org>
    Date:   Wed Sep 19 19:20:57 2012 -0400
    
        pexpect match needs new string every time
    
    commit aecd45e3f64a98cff6c3d12310f48afd84e41d11
    Author: Antony Antony <appu at phenome.org>
    Date:   Wed Sep 19 18:46:25 2012 -0400
    
        change ping target
    
    commit 7e43d12b59d8bb88335547718022ee9bad78ca87
    Author: Antony Antony <appu at phenome.org>
    Date:   Wed Sep 19 18:33:39 2012 -0400
    
        fixing runvm
    
    commit 8316ba0762e40a55041917cf825e6a2bf5dde6ad
    Author: Paul Wouters <pwouters at redhat.com>
    Date:   Mon Sep 17 12:12:34 2012 -0400
    
        * testing: always use ipsec.conf.common from /testing
    
        there is no reason to copy this to the VMs in /etc/ipsec.d as it
        only results in stale old copies.

commit 51e991dc0cce29982b81033e47f5ab9d1ff9e386
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Sep 19 16:46:26 2012 -0400

    * testing: add fstab entries for fedora/rhel, fixup kickstart paths

commit eb48edc4faadcf757f16c2149f263be75d82b66e
Merge: 46c5b66 4ad032a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Sep 19 15:50:53 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 46c5b669286dd68c9e58d981e35ea0682a570bd2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Sep 19 15:49:27 2012 -0400

    * testing: explicitly disable rp_filter for eth[0..4]

commit 4ad032a122a3c6a92f1bb0a78baed4495210350f
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Sep 19 17:37:50 2012 +0200

    * testing: Remove VM xml options that libvirt fills in for us.

commit 762e55491e86ee9c8c8688948bf6817c44b3407a
Author: Paul Wouters <paul at nohats.ca>
Date:   Tue Sep 18 16:06:22 2012 -0400

    * testing: scripts inside libvirt still thought they lived in fedora-setup

commit 4452fdbe1ea2629575ef467d3bfcc2662fd6bd7a
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Sep 17 14:14:13 2012 -0400

    * testing: deleted VMs /etc/motd which all contained old bogus data

commit 14b9e8410519e95045ccd0bdd5dafd335ecc5f8e
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Sep 17 14:08:49 2012 -0400

    * testing: updated guestbin/swan-transmogrify
    
    - Support for Debian/Ubuntu guests
    - redhat: iptables cannot be bind mounted, copy files instead
    - redhat: restart iptables/ip6tables service
    - added -d option for debug output
    - made sysctl quiet
    - copy in proper ipsec.d, ipsec.secrets and ipsec.conf in /etc
    - ensure ipsec.conf.common only exists in /testing/
    - fix nss files, they need a fixup of readonly permissions

commit 12b73a560207b0504bdbbc7d72aab4554b841efd
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Sep 17 12:12:34 2012 -0400

    * testing: always use ipsec.conf.common from /testing
    
    there is no reason to copy this to the VMs in /etc/ipsec.d as it
    only results in stale old copies.

commit fbdc844101015f9e0ab70c52c8ec87e96425d322
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Sep 17 12:04:33 2012 -0400

    * testing: force /usr/local/sbin in our path.
    
    pathmunge should do it, but often using ssh, sudo or serial, it still
    somehow ends up not in our path.

commit e1457f559b35bf31cbb3957abd239456f3cb8ba9
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Sep 16 17:08:49 2012 -0400

    * remove comments about ALG_INFO_F_STRICT, as this option was removed

commit 011a80b52a0c8f72f7a15b805c2d0de0d882dca3
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Sep 15 19:24:47 2012 -0400

    * Renamed fedora-setup to libvir

commit 1711ae64949e1adc491a639170c3605cc058ef80
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Sep 15 19:23:25 2012 -0400

    * testing: Added ubuntu as valid guest too
    
    renamed the disks-libvirt.sh to be fedora.sh. And added ubuntu.sh
    
    fixup and rename userfix.sh to usercheck.sh

commit 72ee5143fac35ede555f163e1f3b9c8c4529b699
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Sep 15 19:15:12 2012 -0400

    * testing: Added ubuntu equivalent for testing base vm image

commit a36b4669b4b547fb005780b30844dded76be347a
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Sep 15 13:27:58 2012 -0400

    * testing: Use QCOW2 file format for guests, based on single swanbase.img
    
    Create copy-on-write images for all VMs. Saves diskspace, improves caching
    and decreases buffer ram. We can also easily recreate a host (west,east)
    from scratch between tests if we want to.

commit 1d1a29b75bd90681f174317386455fc3951f578f
Merge: 71b2158 e0d0fc2
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 23:07:41 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 71b215869193dc42fb6012dbcae07f5508adb301
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 23:07:09 2012 -0400

    * testing: add version=9p2000.L to /etc/fstab entries inside guest

commit e0d0fc2d63387dec7850ae068b0e5c96ba16a3c1
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 23:04:49 2012 -0400

    * testing: squash access mode for 9p seems better for writing

commit 57564410ceb4082ff994a84b5945f8c9f144ee3a
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 22:52:50 2012 -0400

    * testing: add userfix.sh as reminder that qemu needs write access

commit e8cd7ff7b50cd7f1e24ec3499d96b026ed766c90
Merge: 44ca823 89e68b4
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 18:54:11 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 44ca823224e03c09c17424acff5f0ff91914d868
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 18:53:33 2012 -0400

    * lower mtu on install for my lame ISP's network. swanpath.sh fixup

commit 89e68b421589a82b66d349737aa39de781440520
Author: Antony Antony <appu at phenome.org>
Date:   Fri Sep 14 16:59:21 2012 -0400

    added to TESTLIST ikev2-allow-narrow-08-nss

commit bd971752f92a1e7a36ce5b134756934a764c0d82
Merge: 1925e44 314cd45
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 13:45:15 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 314cd459c3cdcdcf44a8ea2f40371f8a1a6fc241
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 13:44:51 2012 -0400

    * testing list tests in swantest with no arg

commit 1925e4463f8bd83cab88b70b51843580d0f615e3
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 13:41:28 2012 -0400

    * testing: cannot copy from /testing on install - not mounted yet

commit b4af832fe3e8a0cc2f9ef7507bef1ac24be0fdb1
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 13:37:41 2012 -0400

    * testing: /usr/local was missing #!/bin/sh

commit e8c60134846e682a6c150a6dbf77c797bd069bf5
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 13:33:52 2012 -0400

    * testing fixup swan-transmogrify

commit de3e0fa4dcb5336c7a4c67f2ca4a7568cb6f993b
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 13:12:01 2012 -0400

    * testing: updates to installer
    
    create iptables from files not kickstart file
    - remove old systemd attempts to re-network the system
    - added swanpath.sh and testing/guestbin
    - merged the mount-bind into testing/guestbin/swan-transmogrify
      that is called in rc.local.
    - also copies in sysctl.conf files and iptables files

commit a074cc5b306b4cb8bb4f93d32c7fa818a6301631
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 13:11:34 2012 -0400

    * had not committed the umlfedora26.config (for uml system)

commit 79e6fd6fabdd0aa9621d1cd036abb3efb98a19f2
Merge: a551d49 af6b62d
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 12:35:01 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit a551d4936bfc1e19fa75e30580b62a8c153a6edf
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 12:32:57 2012 -0400

    * testing: move from systemd to rc.local to reconfigure VMs
    
    The systemd scheme did not get triggered, so instead now use a simple
    rc.local file and then restart the network there. We also do the
    filesystem 9p mounts here, since we cannot yet mount them from /etc/fstab
    on boot, because the system needs to boot further before it can do those.

commit af6b62de58e77b6364ab3c04f52521ca09ef7869
Merge: e4c98a1 4f95c73
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 12:03:30 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 4f95c738850870028b79a5e4849ff38c3062cc58
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 12:02:52 2012 -0400

    * remove the swanbase VM after we are done using it as a base

commit e4c98a1027709f68c62907e730b989ea75ae03eb
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 12:01:52 2012 -0400

    * Move packages that are not available on install to %post
    
    hopefully, it will then use the new installed full repo list.

commit d41f3601ce4b5621f4b6ed8e43186f4585d3c7f2
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 11:46:13 2012 -0400

    * remove debug code

commit 7030dba2b1a56c101558ae5b453f673d2639c080
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 11:44:57 2012 -0400

    * testing: add 9p mount for /source in the guest

commit c3fa797c8321b7af8da0292fc51b6aa26141e5a4
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 11:35:30 2012 -0400

    * testing: fixup /testing mount within the guests
    
    Note that the swan tree has to be world readable for the /testing
    mount to make it. Added that to the README
    
    Do not specify pci ids for the filesystem mount. libvirtd will do
    that for us.
    
    We need both the FEDORA and TESTING dirs.

commit f2ad0c5a8c4fba213412edd7a8070aa9d929304c
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 11:13:30 2012 -0400

    * testing: export testing/ not testing/fedora-setup/ to the guests

commit 4ce5c1d7e3f77cec539007133934d077d19557a9
Merge: 941c808 7a59ba2
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Sep 14 17:24:23 2012 +0300

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 941c808744ec5c05fb0f60116116174360d26c38
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Sep 14 17:23:46 2012 +0300

    updated CHANGES for #1381

commit 01cdf87538dec40556b0d8e3d154f831eebe6969
Author: Bram <bram-bcrafjna-erqzvar at spam.wizbit.be>
Date:   Fri Sep 14 17:11:46 2012 +0300

    XAuth: the variable PLUTO_XAUTH_USERNAME is empty in the updown script.
    Looking at programs/pluto/state.c : duplicate_state shows that the
    'st_xauth_username' is not copied from 'st' to 'nst'.
    If the value is copied then it is correctly set in the
    'PLUTO_XAUTH_USERNAME' variable in the updown script.
    
    Signed-off-by: Tuomo Soini <tis at foobar.fi>

commit 7a59ba23511a743185baf0c8ad7c5eb798bae033
Merge: 78c1827 f6b803e
Author: build <build at east>
Date:   Fri Sep 14 10:16:13 2012 -0400

    Merge branch 'master' of ssh://vault.foobar.fi//srv/src/libreswan

commit 78c1827009a255b69eaaa4e011cbea23b71be257
Author: build <build at east>
Date:   Fri Sep 14 10:15:07 2012 -0400

    ikev2-allow-narrow-04 with nss rsa2

commit f6b803e200e09a20533a6d0c24a147eaac904247
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 10:00:56 2012 -0400

    * testing: add alias of westnet-eastnet for westnet-eastnet-ipv4
    
    Since most testcases specify westnet-eastnet, this is easier than
    changing them all (and it will preserve known good output)

commit fca89e81b53865681656dd1166c057cec05da447
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 09:53:57 2012 -0400

    * testing: added westnet-eastnet-ipv4-rsa2

commit 8b7b562f1dd15bd5dfcc678a68c9017d433fb61c
Merge: a5fede2 9d2310a
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 09:43:01 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit a5fede2cb855fbe92a7f5a13831e4653646d55b0
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri Sep 14 09:34:52 2012 -0400

    * testing: Add LOGDROP iptables/ip6tables target on all machines
    
    This also "starts" the iptables/ip6tables services, which just
    loads the firewall rules - that only contain creating the LOGDROP
    table. The post kickstart install adds these files and enables
    the services.

commit 9d2310a6b576987d972271de59e1ed052067bf3d
Merge: 3912dbe 23b1874
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Sep 13 21:07:39 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 3912dbe87e6ffb00c3b5ea407d5c5456569c64a1
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Sep 13 21:06:35 2012 -0400

    * testing: make fedora-setup scripts and /testing mount path independent

commit 23b1874d0cbf49adb881bbcd25e3b6acb2607e3f
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Sep 13 19:49:00 2012 -0400

    * testing: Added NSS keys for east and west
    
    On west we ran "ipsec nssinit". On east we run it manually and
    added the sql: prefix. We added conn westnet-eastnet-ipv4-rsa2
    that is identical to westnet-eastnet-ipv4 except we added the
    raw rsa key from NSS as right/leftrsasigkey2=

commit bb5fb7a759b25bf5d2d475582511ca10632606da
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Sep 13 18:32:38 2012 -0400

    * FIPS: add "ipsec initnss" to the fips list of modules to check

commit 771bf35c86babefc4a1634981036dfc6eddb32c7
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Sep 13 18:15:56 2012 -0400

    * use define, not create to get persistent VMs

commit 52d316f0cc2b751cbdd126b1dbcebb9d70fa5912
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Sep 13 18:13:03 2012 -0400

    fix typo in kickstart file

commit 812fb795f494ca6f41fa3e8d871d703a9a798353
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Sep 13 18:09:30 2012 -0400

    * testing: added nss-leftrsasigkey2-01
    
    Test for using leftrsasigkey2/rightrsasigkey2 to help us with migrating
    non-NSS systems to NSS systems,
    
    Note: currently the second key is not filled in properly yet.

commit f71e5f2e56cadfe7a6b115f070628c637cc90116
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Sep 13 18:00:34 2012 -0400

    * testing: Fix /testing/pluto/bin/wait-until-pluto-started calls
    
    They were often copied from bad use cases. The idea is that
    ipsec setup start does not wait until pluto listens on network
    and control socket, so the next command when issued too fast would
    fail. The wait loop tries to hit ipsec whack --listen until it
    succeeds. (I have to assume the network listen starts after the
    control socket listen)

commit 49d12deef02a5ae86d9ef0d6aa5245cbacd7be4f
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Sep 13 16:25:39 2012 -0400

    * testing: fix waiting-for-pluto in ikev2-05 test case

commit ec3f5533f9f378e57e6f234ca2a8bc86a1928636
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Sep 12 20:44:35 2012 -0400

    * move 9p module to the /etc/modules-load.d and add entry for virtio-rng

commit 2c7df472cc3949324421777c762e9312608d373c
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Sep 12 15:32:03 2012 -0400

    * testing create /etc/modprobe.d/9p.conf in %post kickstart install
    
    This is so we load the 9pnet_virtio kernel module so we can mount
    /testing as "hostfs" on boot before the network is started to
    overlay the east,west,etc networking files using a single install image.

commit 3b134847551db810c44993fa2e731faf4378db58
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Sep 12 14:40:29 2012 -0400

    * testing: fix routing parameters for rhel/fedora style configs

commit 629f77773a6a6a7d39e750c389a63290a43fb759
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Sep 11 22:27:21 2012 -0400

    * testing: update kickstart to ensure NetworkManager is not installed
    
    And install the buildrequires in case we want to manually compile

commit 9714918371fa715ed172ed107956d415c3b3ac1d
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Sep 11 10:32:04 2012 -0400

    updated changes, some re-ordering

commit f58b4a322c54062994bd7bb0417553380f0d2f91
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Sep 11 10:22:12 2012 -0400

    * updown: Delete the source ip address on down only for Cisco peer
    
    We know we obtained (and need to lose) an IP when connecting using
    a Cisco peer. There are other cases where an obtained sourceip should
    not be removed (eg when moving from LAN to Wifi, using a setup where
    you get the same sourceip, a case that Tuomo has)
    
    This should cover most cases. I confirmed it works using the Red Hat
    VPN.

commit dffe6c6b4d7782b90e9693614ab7768b162c842c
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Sun Sep 2 16:12:59 2012 -0700

    * updown fixes to remove obtained IP from interface on auto --down
    
    Paul: This is probably not correct for Tuomo's use-case and needs
    fixing.

commit f5978de19e4b721fb8d8a8ad9c8bd48d0c73eb64
Author: Paul Wouters <paul at nohats.ca>
Date:   Mon Sep 10 23:15:58 2012 -0400

    * testing: fix swan-bindmount.service
    
    was using old osw-prefixed name, and one python indent was wrong,
    causing it to not attempt ifcfg-ethX mounts.

commit 226feb7aa6eef38a1e2f2b05456aee8891a9e292
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 9 23:36:54 2012 -0400

    * missed a sudo for the network autostart

commit 906e7c4f6c674968cbf9a71acddf61b437c8248c
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 9 23:33:06 2012 -0400

    * testing: use proper network names with virsh

commit 6f1e55d8712889e0b68baeca1cd15984dd20a269
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 9 22:33:45 2012 -0400

    * swan -> swanbase

commit 6e1d1a8fca15f7fe17e8ca430360ac1ac230536e
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 9 22:30:54 2012 -0400

    * testing: more updates to the vm/net/disk libvirt creation scripts

commit 229cd97d75245334e7a54bb7e7f7cf87486f8f47
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 9 21:46:20 2012 -0400

    * testing: qemu-kvm scripting updates
    
    - bind mount our host network config based on known eth0 mac address
    - use swan- prefix, not osw- prefix
    - update kickstart script to make use of qemu-kvm filesystem mount
      as hostfs replacement
    - activate the systemd swan-bindmount.service in kickstart %post

commit 0faf146265a99348ec54290ac227a831c0f77a43
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 9 14:31:10 2012 -0400

    * testing:  Added east and west xml files for libvirt

commit cfb2a15e8addcac01658e7dead25f7f73d4d9699
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 9 14:29:14 2012 -0400

    * testing: add note in README on nic types

commit 686dc159a9e36658432289b072d698d8822e2e3a
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 9 14:28:49 2012 -0400

    * testing: enable the network service in kickstart's %post

commit d2e396afa67a83e547144056b10a4ce18664f855
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 9 13:48:12 2012 -0400

    * testing: change from transient to persistent networking in libvirt
    
    I had not realised virsh net-create only creates a "temporary" network.
    We have to use net-define to make it permanent. The xml files don't
    define whether to start it now or on boot, so we have to issue virsh
    commands for that as well.
    
    Also added the 192.9.2.0/24 and 192.9.4.0/24 networks (eth2 on the umls)

commit 147f4c6f948598aec2923eb092980099e65157f7
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Sep 9 00:59:48 2012 -0400

    * testing: updates to generating scripts

commit fe8562f7b1051289c15b6c7a6e57aadc1ae7f8a6
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Sep 8 14:27:16 2012 -0400

    * fix merge conflict in umlsetup.sh

commit 7152a084a8c8220f933eda275dbf58e70b14ec26
Merge: b4c5f03 aa1127c
Author: Antony Antony <appu at phenome.org>
Date:   Sat Sep 8 20:11:08 2012 +0200

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
    
    Conflicts:
    	testing/utils/umlsetup-sample.sh

commit aa1127c8a40947f6830d54a057b4ae116019484a
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Sep 8 13:38:34 2012 -0400

    * remove dnssec/ subdir from testing Makefile

commit bb12b1b7bb8f22c4e5c3cd4526ddc3166fa2614e
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Sep 8 13:16:44 2012 -0400

    * Removed obsolete prototype test case
    
    Test code was unused, depended on removed lwresqd code and
    depended on sandelman.ca live zone not run by the project.
    
    It also depends on the unused prototype for USE_IPSECPOLICY
    which was the (abandoned) method for querying pluto about its
    dnssec knowledge (used with the ancient "wavesec" prototype

commit 84519ad9f2a8ac58a9638a5e97663f78e96bae38
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Sep 8 13:13:59 2012 -0400

    * removed dead code that got moved into unbound.c

commit 80129f18dd970a7920821b5e1bde2afbd08d607b
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Sep 8 13:10:03 2012 -0400

    * Avoid dns(sec) lookups for numerical sourceip= values

commit 1ebad95049810d17b0df97bc61f2518fbb3ede04
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Sep 8 12:54:41 2012 -0400

    * DNSSEC: only build unbound.c when USE_DNSSEC=true

commit bee4e4a9fd05384d7376e5fd6d00a1eb334250ea
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Sep 8 12:54:03 2012 -0400

    * dnssec: fix variable name when USE_DNSSEC=false

commit 365e55ddb9ab11a7417d68d452899d3f3527d6af
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Sep 6 23:44:53 2012 -0400

    update stock umlsetup-sample.sh to use "KERNVER26" and not SAref or uml patches

commit b4f9f612ca365ca352a831a8c42a4982f3ed2475
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Sep 6 23:44:09 2012 -0400

    * added a fedora26 kernel target.

commit c6bad1f8af2eb1c3a029fad434e089f8bca230d7
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Sep 6 23:42:55 2012 -0400

    * update testing/kernelconfigs
    
    Enable ext4 inline. Move some unused files out of the way,
    and rename the unversioned ones to "24" as they were for older 2.4 kernels

commit 5e4ae346e8f6f83fe9f0b39bb59283efdcc3ad60
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Sep 6 23:41:37 2012 -0400

    updates to testing/fedora-setup
    
    Don't use lvm in guest, so we can more easily get to partitions.
    Give it a little more ram so it does not need swap, but give it
    a swap partition anyway. Don't wget the systemd file but create it
    inline.

commit 16d70f65cbbf514d15da7cdb5877cb4da0a06886
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Sep 6 23:39:18 2012 -0400

    Defining INSTMANFLAGS= caused make install problems

commit 414a44c351221242056e7101e4d84365ab1f0410
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Sep 6 23:38:46 2012 -0400

    * testing: alias kernelpatch3.5 to kernelpatch2.6 and disable SAref patch

commit 54a845d4e11f3cf0345cdedc6566f1d3b41f971a
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Sep 6 23:18:37 2012 -0400

    * testing: remove baseconfig/testing/bin/rs
    
    The "rs" script was to "restart" ipsec within the uml when it has
    been recompiled on the host. This saves a reboot of the uml, but
    it is uml specific (and caused problems on fedora's rootfs where
    the bin/sbin directories are 555, not 755)
    
    Only old master probably knew and used this shell script.

commit 06b256f19401119226125e2303a72ad0c20b1322
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Sep 6 16:44:22 2012 -0400

    * NSS: Add nss-softokn as dependency - needed for certutil
    
    And certutil is needed to initialise the nss database before pluto
    can start.

commit e985bac9da5d0092ce68416960fd1950be52f2ef
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Sep 6 15:31:03 2012 -0400

    * WIP: testing   split off disk image and network creation
    
    You can now choose to directly configure tap/bridge devices using
    the network-manual.sh script, or to use libvirt using network-libvirt.sh
    The latter is persistent over reboots but requires libvirt to manage it.

commit 61eefc46e73ffd9723e25e8bcaf4d2d071f275c7
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Sep 6 01:26:26 2012 -0400

    * WIP: testing  various changes to the new image generator

commit b4c5f03f75123e3a8316418b68d445f36f6f8757
Author: Antony Antony <appu at phenome.org>
Date:   Wed Sep 5 07:07:53 2012 +0200

    update  umlsetup-sample.sh

commit c04f5b6aabb76702027cb1a6a05030ac31b3ba53
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Sep 5 00:31:16 2012 -0400

    * packaging: updated spec file and merged in changes by Avesh
    
    This includes support for fipsmode, dnssec, libcap-ng, networkmanager,
    crl fetching and leaves in our efence/development/klips options

commit 4017c450e49a1564ec48f10eaf85f2263c23c4e4
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Sep 5 00:30:24 2012 -0400

    * Version: set Makefile.ver to use 0.9.9, not 1.0 as base

commit b7b99ee71732702a1e794abb941a9d51c4fcde9a
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Sep 5 00:29:52 2012 -0400

    * install man pages using INSTMANFLAGS="-m 644"
    
    This avoids hacking in the spec file to remove x bits from man pages

commit b0f23db85f0a4dd48fa6f29e425de15afac43050
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Sep 5 00:16:50 2012 -0400

    * Updated FSF address on the GPLv2 COPYING file

commit dbb42c290ece8739e598babe367006da1bef87bb
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Sep 4 23:47:46 2012 -0400

    * Removed some obsoleted files in docs/

commit 44e1d01728daa6f36a55c68ca3f1971523d7f7f4
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Sep 4 23:03:48 2012 -0400

    updated changes

commit 655477747c78ff28b82f3b2941de12800726f97c
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Sep 4 23:03:33 2012 -0400

    * verify: warn users to start ipsec service before running verify

commit bcb20207fdb5d3cd109f6b3e9ca719fd9d11aeb3
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Sep 4 20:53:52 2012 -0400

    * verify: ported ipsec verify from perl to python
    
    The reason for this is that the minimum install these days comes
    with python, but not with perl, and automatic dependency detection
    scripts found this perl script and added perl as a requirement.

commit 3eb06340f1fa97f13fff0a00a822b01c2175a91c
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Sep 4 19:35:34 2012 -0400

    * Deleted a softlink pointing to some out of tree file :)
    
    (The actual file is located in ./testing/utils/umlsetup-sample.sh)

commit ecb2d3627c64a98b8cf9ae9fa1fd1687362c57bf
Author: Antony Antony <appu at phenome.org>
Date:   Wed Sep 5 00:31:27 2012 +0200

    let's keep umlsetup.sh in git

commit 3472fb585c7f9f612994f56f08bf576094e8d1a5
Merge: 2380657 cfa138a
Author: Antony Antony <appu at phenome.org>
Date:   Wed Sep 5 00:19:14 2012 +0200

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 2380657af3faa5321aee6052bd39cef8ee4ed7ff
Author: Antony Antony <appu at phenome.org>
Date:   Wed Sep 5 00:18:26 2012 +0200

    creating ubuntu 12.04 based UML host and instances(east, west.sunset..)

commit cfa138a1d13fe88b1ed2ee8570d7ae2846b1ddd2
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Sep 4 17:56:48 2012 -0400

    * NSS: include <prerror.h> without prefix
    
    Since debian/ubuntu and fedora/rhel use a different prefix

commit c187e735e4dbf8001d47e7f11d0acf32688916c7
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Sep 4 17:41:06 2012 -0400

    * NSS: use pkg-config --cflags nss to find the header files
    
    Debian uses /usr/include/nss and /usr/include/nspr unlike Fedora
    and RHEL that use /usr/include/nss3 and /usr/include/nspr4
    
    Added Buildrequire: pkg-config to packaging/*spec

commit 8905ba4877538baed04babd80fc95f223d4c5770
Merge: a403c73 d6c6e4f
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Sep 4 17:16:13 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit a403c7361a490bf0010b8fc7d547012508a89301
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Sep 4 17:15:01 2012 -0400

    * testing: again renamed the ifcfg files containing a :
    
    It confuses the Makefiles

commit d6c6e4f15e060d368ca0e96a04a9751f513b8048
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Sep 4 13:16:31 2012 -0400

    * WIP testing: Added scripts for network reconfiguration based on test host
    
    during kickstart %post, we add the osw-bindmount.service for systemd. This
    file is created inline from the kickstart file, as we do not yet have the
    /testing directory mounted while we are installing.
    
    Once the VM boots, it is passed a umid=hostname kernel option, which this
    service uses to bind-mount /etc/sysconfig/network* before the network service
    is started.
    
    This allows us to use one disk image for all VMs we fire up. We use a disk
    image because it is created on the fly with virt-create, and not all VM
    technologies can do hostfs like uml can. (containers/namespaces can, but
    those do not support cgroups/namespaces for XFRM/NETKEY)

commit ddf16b26f7fd6dfd10d233e5c0000bea663a897a
Merge: 35b187c d415cee
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Sep 3 22:31:37 2012 -0700

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 35b187c11a82588bececa1b8367cde40033ae773
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Sep 3 22:30:57 2012 -0700

    * WIP: started port of "ipsec verify" from perl to python

commit d415cee7cb1bfa826518176aeedcdfd7bb693215
Merge: 9317853 b15d594
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Sep 3 19:37:50 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit b15d594875fcdb2f77362bcd77583c5093b5a8b9
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Sep 1 15:54:27 2012 -0700

    * WIP: testing: Added loopback/selinux test cases
    
    These are based on Avesh's tests
    
    - Add CONFIG_SELINUX* to the umlnetkey26.config
    - Added testing/pluto/loopback-pluto-*
    
    This requires USE_LABELED_IPSEC?=true (currently not the default)

commit 13a7438624902aeb5981633153537bc6ed9e6afa
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Aug 26 23:03:39 2012 -0400

    updated changes

commit f46940a9590f58d6af456ed3f238ee4610ae17f9
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Aug 26 22:58:46 2012 -0400

    * IKEv2 pullup from ikev2-narrowing branch
    
    - Add IKEv2 road warrior support
    - Extend IKEv2 narrowing code to include protocols
    - Add instantiation for road warriors and narrowing connections

commit 5f17c9387638a9dbc00fbdba79cc788e9c743c8a
Author: Paul Wouters <paul at nohats.ca>
Date:   Fri Aug 24 20:00:06 2012 -0400

    updated changes

commit 3d2f144bd4d9dd503ebc948f77288f1ae080b564
Author: Paul Wouters <paul at nohats.ca>
Date:   Fri Aug 24 19:59:08 2012 -0400

    * testing: unset CONFIG_UML_NET_VDE

commit 3568d355f19b399fbcc756e55a7d50973746548c
Author: Paul Wouters <paul at nohats.ca>
Date:   Fri Aug 24 19:58:40 2012 -0400

    * added "ipsec initnss" command
    
    This is to make it easier to also call ipsec newhostkey, which
    requires an existing NSS database now that NSS is mandatory.

commit 9317853256af008dc4bb10aa18b9196c75d8be6e
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Aug 23 18:58:08 2012 -0400

    * testing: Added four new testcases for IKEv2
    
    ikev2-09-rw-psk
    ikev2-allow-narrow-05
    ikev2-allow-narrow-06
    ikev2-allow-narrow-07

commit df4fac2e9e44709cb84d75d11fce7b4cde19fdc1
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Aug 23 18:55:49 2012 -0400

    * testing: fixups of some testcases

commit af711f9d58f430aa8502c6984c186cea186a3efd
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Aug 23 01:33:41 2012 -0400

    * testing: Added testing/fedora-setup [WIP]
    
    This contains some scripts dealing with setting up the network
    using proper bridges, installing a fresh f17 as base image, and
    then use COW to create the images we need (east, west, etc)

commit f2d5ae5092a1871430d03b91c56fd46222a2f3cc
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Aug 23 01:25:34 2012 -0400

    * Testing:  Added Fedora/RHEL style network configuration files
    
    Added etc/sysconfig/network and ifcfg-eth* / route-eth* files
    
    These are based on their original debian counterparts used with
    uml testing now.

commit 68c9e1a86a8b28ee914788ee4f7801393e59674b
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Aug 23 01:24:28 2012 -0400

    * testing: fix typo in testing/baseconfigs/north/etc/network/interfaces

commit c23a49010eee247ddcda9ee9a803332b59d904f6
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Aug 21 15:34:24 2012 -0400

    updated changes

commit 8d1209d9ea6d7a48ca2753dcea5659a9be10cb7b
Author: Andrey Alexandrenko <aalexandrenko at telco-tech.de>
Date:   Tue Aug 21 15:31:22 2012 -0400

    * XAUTH:  Use incoming XAUTH VID when picking best connection
    
    I have prepared a patch which solves for me following issue with Xauth
    in Openswan.  Pluto may refuse to connect with a road warrior if some
    misc connections (with and without Xauth) are configured. The reason is
    that pluto does not regard Xauth policy in main_inI1_outR2 and may just
    choose a not suitable connection for proceeding. In my patch I evaluate
    XAUTH VID and use this information by connection finding.
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit a92acf2dfb902fa6880ce4c45292f389644bfd31
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Aug 20 23:00:53 2012 -0400

    updated changes

commit 816aae2e7607d64c3e531aaca2d0b9d20f611fa7
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Aug 20 22:52:57 2012 -0400

    * XAUTH: fix pam race condition and contrib/pam.d file
    
    Patch by Philippe.Vouters at laposte.net
    This is rhbz#815127

commit 102e4b8ad605d87d74db836e98f0d209dc269bac
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Aug 20 22:23:02 2012 -0400

    * Added dpd-08 testcase for rhbz#848132
    
    On a tunnel between host1 and host2 using dpdaction=restart, if host2
    goes down and DPD kicks in the new phase1 replacement will start
    retransmitting, but is subject to a limited amount of retries even if
    keyingtries=%forever (default) is set. If host2 does not come back in
    time, the phase1 replacement will expire and then the tunnel does not
    rekey until the old phase1 SA expires

commit b7599e205eb559dff7ad0d62ac3ad5bb67060ec3
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Aug 20 21:44:53 2012 -0400

    * barf: don't search for our logs in lastlog, btmp or wtmp
    
    This is rhbz#https://bugzilla.redhat.com/show_bug.cgi?id=771612

commit 4b5a633c9b3e3e6ee7f9ffd35a34f71c7d0a330e
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Aug 20 20:16:43 2012 -0400

    updated changes

commit a4e3b483135f072441366e645ac1d34b3d236077
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Mon Aug 20 20:07:46 2012 -0400

    * DPD/XAUTH/ModeConfig fixes
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit d00f36629229f619152a4e0dbb09e014883670d8
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Mon Aug 20 19:55:01 2012 -0400

    * Do not perform XAUTH/ModeCfg during rekey when using Cisco compatibility
    
    Paul: I added check for remote_peer_type=cisco as I didn't want to change
    behaviour for non-cisco.
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit 6ed03ba7959f5c224a07866ab55f5f6f41280636
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Mon Aug 20 19:47:49 2012 -0400

    * Support for SHA384 and SHA512
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit 0eac0cf957b5199a59abb7e574ad6ccbad3fc837
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Mon Aug 20 19:14:47 2012 -0400

    * v1phase2tov2child_integ() addition
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit 5c44c1324fcb302f8abc0b10d07371949b90fbed
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Mon Aug 20 18:51:46 2012 -0400

    * Changes related to bz#703985 for Secure Labeling
    
    Signed-off-by: Paul Wouters <paul at libreswan.org>

commit 9134abd82145b69bb2ae7fd6028dcf2507a39de7
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Aug 20 18:41:13 2012 -0400

    * Added Avesh's additional labeled ipsec logging to starterwhack

commit a996cca2f2af79c1792ad82d1f557c0e305fde4c
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Aug 20 17:35:25 2012 -0400

    * Support reading NSS password from file
    
    Slightly modified from Avesh's patch to keep consistency of configdir
    location (i.e. when configdir != /etc/ipsec.d/)

commit dcd3775b95d30bebd0adf4fc9e4b154b390a7ce1
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Jul 20 00:52:58 2012 +0300

    update changes

commit fc86508683a92b3a3746d89395f6875a8c2d5e88
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Jul 20 00:50:18 2012 +0300

    restore postpluto functionality which was missing

commit 0ef5f70c869c8eea796a9311101e9b0feb83ae00
Merge: 25a7031 d218164
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jul 18 13:45:03 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 25a70312b788e90c94e5666b56d47bd7ac597851
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jul 18 13:41:54 2012 -0400

    * Sync up unbound/resolv.conf handling in _updown.{netkey|klips}
    
    Add unbound-control flush_requestlist to remove pending requests
    aimed at a resolver we can't or don't want to use anymore.
    
    Add a newline to the restored resolv.conf that was missing.

commit d2181641f5e5baded8eee54f232da1eaa64648b3
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jul 12 14:57:41 2012 -0400

    * Don't refer to NETKEY as "2.6" or "experimental code"

commit 9fdd3e55d247a277ab13a2985aeaf983bbd59a48
Merge: 2d26e0e 4f1e6db
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jul 1 19:24:34 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 2d26e0e1ea0ff16cb7b36059fd58629097f82907
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Jun 29 16:06:29 2012 -0400

    * Added AH_SHA2_256_TRUNC to ah_transform_name_private_use

commit 4f1e6dbc30156c1df1796b8fb65922641f0fe07e
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Fri Jun 29 20:12:15 2012 +0200

    _startklips: use ip route instead of netstat

commit 689efc6f04f75e063ce2eca54d6280f19cd28916
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Jun 28 18:57:54 2012 -0400

    updated changes

commit f9f51be34bae997acbba6fac58619af8d402dc14
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Jun 28 18:53:22 2012 -0400

    * IKEv2: Use ft_zig instead of ft_mbz for IKEv2
    
    The RFCs state we should "ignore and continue" and not "abort"
    when we receive a non-zero value for a field that "must be zero".

commit 97e1dfb8f31b9f36dcf67f0b61df37e20f96c9a3
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Jun 28 18:00:16 2012 -0400

    * Introduce ft_zig value and reimplement android workaround with ft_zig
    
    ft_zig (should be zero but ignore) is like ft_mbz (must be zero) except
    we log a message and continue instead of aborting.
    
    Currently, this is always logged. If we find this happens too often,
    we can change the logging level to something non-default.

commit e38e4bc7aa4194d7495b35d28b71022b6c0a6be2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Jun 28 17:57:52 2012 -0400

    Revert "* Workaround for Android Ice Cream Sandwich ipsec-tools 0.8.0 bug"
    
    This reverts commit e474937fef9fe80b3a961db00d2c39b26ef9430b.
    
    Conflicts:
    	Makefile.inc

commit 2af05554af2bf082acd1a8ddac2edd9418c7948a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Jun 28 17:56:38 2012 -0400

    Revert "* Fix endif statement in Android ICS workaround"
    
    This reverts commit 224e23bcec99692b214773923799e54608f88a83.

commit 6a87ba5f0e549d2ccdd6895d28ef43206a39e6ff
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jun 27 16:04:05 2012 -0400

    * Add check for transport mode traffic selector in transport-02 test

commit e222cc0089ea5d2b761a95f6e93758ea05a9c75a
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jun 27 15:58:58 2012 -0400

    updated changes

commit 9ed4d3e9ca2f57872167149c633f7ee2a3b01549
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Wed Jun 27 15:57:42 2012 -0400

    * Pass traffic selectors to the kernel in Transport Mode
    
    2. Traffic selectors in transport mode (both ikev1/ikev2) (redhat
    bz#831669): Openswan does not pass traffic selectors information to
    kernel during setup of SAs when a connection is configured in transport
    mode. This might lead to a situation where esp packets not matching to
    existing traffic selectors can pass through kernel when the SA is in
    transport mode. The attached patch (openswan-831676.patch) addresses
    this issue and now Openswan passes traffic selectors information to
    kernel when SAs are setup in transport mode.

commit 4962a1ceb178ddd84c4e2cfcc0663f3a764d2346
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jun 27 15:42:18 2012 -0400

    helper: helper_passert_fail no longer used. Fix two string format warnings
    
    nss threads also do not use PLUTO_CRYPTO_HELPER_DEBUG like the old
    crypto helpers did.

commit 400633668791a663e0b0b14fceec2adab346691d
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jun 27 15:41:37 2012 -0400

    put rpmbuild values used to compile in Makefile.inc as commented examples

commit cd4b3e3c22aa28fc24bc3795898506190d5d7fbc
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jun 27 15:30:36 2012 -0400

    X509: fetch_ocsp should return void, not void *

commit 0afd5402533e382743a8b406748264364e5464fd
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jun 27 15:29:22 2012 -0400

    gen_reqid() can call exit_log() but confuses compiler
    
    compiler expects a proper return value, so return 0 even though
    this is never reached.

commit eadcaccc9d8d3666c3bd4ef5ba35c93860c62f14
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jun 27 15:28:36 2012 -0400

    NSS: We need to include nsperror.h for PR_GetError()

commit b05f3a9b473c87a4827978f678f7c098717ec1a7
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jun 27 15:06:08 2012 -0400

    XAUTH: fixup previous maxlength fix. move hardcoded to defines

commit 1f8ca6d218f39d8b59a466e27339163f8f7d3dab
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jun 27 14:15:50 2012 -0400

    * NSS/SHA1: PK11_DigestFinal() passed sizeof pointer instead of sizeof *pointer
    
    While at it, changed some known values for SHA1_DIGEST_SIZE, and
    removed hardcoded 20's for readability.
    
    (oddly enough, the nss example itself is wrong too, see:
     http://www.mozilla.org/projects/security/pki/nss/sample-code/sample3.html)

commit 3351b1c30924869e12e7fc94ba1116e71d18a501
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 25 15:44:47 2012 -0400

    updated changes

commit 4d63ca1d15f68f8b4883c24625f06129f70e7ea1
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 25 15:36:21 2012 -0400

    * Support /etc/sysconfig/ipsec and /etc/default/ipsec (rhbz#789917)
    
    There is a subtle difference between "ipsec setup start" and
    "service ipsec start" or "systemctl start ipsec.service". The first
    command passes all environment variables, but the latter two commands
    do not.
    
    This causes environment variables to be lost, ie. when a user does:
    
    export PLUTO_EVENT_RETRANSMIT_DELAY=1
    service ipsec start
    
    This patch brings in support for /etc/sysconfig/ipsec (fedora/rhel)
    and /etc/default/ipsec (debian/ubuntu) where these environment
    variables can be set.
    
    Probably, these options should all go into ipsec.conf's config setup
    section.

commit 66cdf37975d376776109787e4c9babfda4c391a4
Merge: 3e087d5 20fc180
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 25 14:57:01 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 3e087d54cd334bfed16be3216553d1879166927d
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 25 14:55:44 2012 -0400

    * Log if we send non-default PLUTO_*_RETRANSMIT_* values via env variables

commit 20fc180060956ff3d2e624df137931e4fd71e935
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Thu Jun 21 22:15:06 2012 +0200

    add changes entry for last two commits

commit 914ee12d40b231d2a3d1d8a24b6bd28f567911c1
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Thu Jun 21 18:45:10 2012 +0200

    add missing fi

commit aaf0fc3469948220d08641a509fd71b9296a80ac
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Thu Jun 21 12:48:32 2012 +0200

    add missing ;then

commit 10d0a3db22e102f3724015b25d87e5b0206db7bc
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jun 20 00:02:51 2012 -0400

    * put note back regarding labeled ipsec in docs/README.labeledipsec

commit 3c1ca1c0e10471cfdbd92cda6e8661e999944da0
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Jun 19 23:46:12 2012 -0400

    * coredump: default to /var/run/pluto/ which is compatible with SElinux

commit 0c4801620b0c622cfdf9e4768d35928ac8ad7058
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Jun 19 23:30:16 2012 -0400

    * Remove support for PLUTO_CORE_DIR env variable (use dumpdir=)
    
    It would conflict with dumpdir= and the uml tests are not using it

commit a07179e2b9690afc01fd4d07671b82bc85cacfe4
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Jun 19 23:21:20 2012 -0400

    * NETKEY: linux_pfkey_add_aead() left alg.sadb_alg_reserved uninitialised
    
    It is reserved, and we only ever set it to 0.

commit 97a5128f3b4425c0f0436642f012cbe95c8508dd
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 18 10:12:45 2012 -0400

    * fix debugline to print only in verbose mode

commit e7be44dc356ad2fbddcc0029d877fb4e7259b758
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 18 10:09:38 2012 -0400

    Add unbound.c to Makefile.dep

commit 38a689528e3b2d2e678c18de1da507dc3299082d
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 18 10:08:07 2012 -0400

    * Had forgotten to add lib/liblibreswan/unboud.c

commit e220a74e3ada270dcd9cd9f94711817d126f221e
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Jun 17 23:04:27 2012 -0400

    updated changes

commit 297ad3853088bd42d0dbce45bbe445cb710aeb64
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Jun 17 23:00:11 2012 -0400

    * starter: all resolving via starter is now done with DNSSEC support.
    
    All of resolving in starter now uses one ub_ctx context that is
    passed along, so that we carry our dns cache along. This does change
    the API of functions in confread.c, which make using non-DNSSEC (eg
    the old gethostbyname()) harder. That needs fixing after I talk to
    dhr.

commit 0c586e3b7d78304abf8605c24b072367f5ee6f0a
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Jun 17 22:58:39 2012 -0400

    * dnskey.c: put back old LWRES code for now so it compiles.
    
    The OE DNS lookups need to use an async unbound based lookup anyway.
    It also needs TXT/KEY -> IPSECKEY which was started but not completed yet.

commit 6efb6ab52234ea0bda580e1937435149648a44f6
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Jun 17 22:58:11 2012 -0400

    Use IKEv1_AUTH_ALGORITHM_NONE for now (work in progress)

commit 93a3727ac1ecf1064a1089e8e7e280825e2aad89
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Jun 17 22:54:04 2012 -0400

    * starter: remove prototypes for static functions
    
    init_load_conn(), translate_conn() and move_comment_list()

commit 6538429eb9a402af50765d12d6dd1909e299aabd
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jun 16 22:46:55 2012 -0400

    * remove some old linux 2.2 cruft
    
    kernelpatch targets, Makefile targets, packaging/defaults

commit e74a370956c7a075d18d8835a12d9bfb7fc374f1
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jun 14 20:51:08 2012 -0400

    * remove duplicate include of oswlog.h in x509dn.c

commit 3a42cd1a14e540b2147b9214dabcf5b94fc10fe2
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jun 14 18:51:58 2012 -0400

    * Add DNSSEC support to confread.c

commit d196c3c6f7f2f3b10f7652e3073ea8fca80d33a4
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jun 14 18:50:43 2012 -0400

    * push USE_DNSSEC into the lib/Makefile.library for use within libraries

commit f58a6a1eef83c98236fb73a98b52d6228d8d6a7b
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jun 14 18:49:36 2012 -0400

    * prevent double inclusion problems with dnssec.h
    
    Use a #ifndef _DNSSEC_H and make the variables static for now, until
    we move things into a library.

commit bc593c1275db9b6aab4e752b28df557684537b31
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jun 14 18:11:31 2012 -0400

    * Fix AF_INET6 tnatoaddr() check in addconn.c and make static
    
    The static for now is because I'm also placing this in a library and
    it conflicts. Later on the addconn version will come from the library

commit 873f46297561c34a995c2fd2c5e49635b93de245
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jun 14 15:52:31 2012 -0400

    * Add scaffolding for man pages for labeled_ipsec, loopback and policy_label
    
    Perhaps Avesh can fill these in for us.

commit 2773fafdb92886414dbda045e6a4a251a1793310
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jun 14 15:41:08 2012 -0400

    * Don't try to resolve A/AAAA records of IP addresses in addconn.c
    
        When looking up --defaultnexthop values

commit 02edb14c50c777f8ecb8942fd6a77eab1d4b5183
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jun 14 15:33:08 2012 -0400

    * Don't try to resolve A/AAAA records of IP addresses in addconn.c
    
    When looking up --defaultroute values

commit 88207d364cacd9d048ed252033dc2ae918e31d06
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jun 14 11:49:02 2012 -0400

    merge virtif.c header change

commit b28042874e99141ca2b7c117f86756b020e2b395
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Jun 14 18:36:23 2012 +0300

    update CHANGES for _updown.netkey fix

commit 62f7bed504fadd8dfd9dbdaa45028ff58f67d847
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Jun 14 18:34:08 2012 +0300

    _updown.netkey: fix route to be inserted on correct interface when nexthop is used

commit 41c871caf9b594d0a7655512dc7120300e282520
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jun 14 00:07:10 2012 -0400

    updated changes

commit 177c5e96a582f4be159f42292a23a3b36c812253
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jun 14 00:04:38 2012 -0400

    * Added new option plutostderrlogtime= (default=no)
    
    Add plutostderrlogtime= option to enable or disable logging the time
    stamp before each log message (as syslog does). Some people want this
    when logging to a file.  However, since the swan code is using this
    output via plutostderrlog= in a file for the test suite, this needs to
    be an option that can be turned off.

commit e0b44314cd81c492a4de33c2e7e992c064457313
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Jun 12 21:29:21 2012 -0400

    * Cap xauthpasslen and xauthnamelen at 128 (their buffer size)

commit 332bc03819b227c503924e15fb2720378c6e6857
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Jun 12 21:13:55 2012 -0400

    * fmt_log() fix similar to previous strncat() use

commit 640f2c19f6e771a05a3c6d7e180cbc0cd21a5554
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Jun 12 20:49:15 2012 -0400

    * xauth: in theory, in xauth_inI0() it could attempt to memcpy NULL

commit 5db42ff386f29f7403a951e89edd0d1503fa42a6
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue Jun 12 20:43:06 2012 -0400

    * ensure not to call same_chunk on a null pointer

commit 10dcb3a3569a28a03849b42686d72cd28c664d4b
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 11 20:46:39 2012 -0400

    * redone and simplified functions around strncat/snprintf

commit 4c1fbb32b871350e41528715674de34daa26c915
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 11 17:20:32 2012 -0400

    * fix addrtot() with a passert and off-by-one

commit cfc5bcad40987bea9375a0280d812a358e616012
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 11 16:56:19 2012 -0400

    * fixup format_end(), do not use strncat but snprintf

commit e69ade6fd822725c52084d051324c633ff3030a8
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 11 16:22:53 2012 -0400

    * Move the close() call for the sock to the function that created it.

commit 3eda2666ddb763ee3d659e56ec862bfe93d16cef
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 11 16:17:12 2012 -0400

    * undo the close on whack_sock, as it is placed in the state.
    
    Left a comment to avoid making this mistake again.

commit aa9af2459312e603b02950c23969b748f1044ceb
Merge: 64be346 ce752b8
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 11 16:06:11 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit ce752b8f8bdd0a034493968101df2dbb1abc94ff
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 11 13:51:42 2012 -0400

    * remove --copyright usage

commit 5329b6cb05c2199757dff31497406b020ee17c09
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 11 13:49:09 2012 -0400

    * close dup()ed whack_sock in ipsecdoi_replace() to avoid leaking fd

commit ea8863e00b98e9e33fb5c5b2661f0212c003b758
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 11 13:48:19 2012 -0400

    * Remove other half of ipsec_copyright_notice()

commit 8d100777b03b8f45b09f275392b146a3efaa4514
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 11 13:33:52 2012 -0400

    * include "sysdep.h" in udpfromto.c
    
    That defines HAVE_IP_PKTINFO for Linux and HAVE_IP_RECVDSTADDR for
    BSD.

commit 08212d9c87c8668e551df3479ddf4be5a06680d4
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 11 13:33:17 2012 -0400

    * close socket fd of the interface in _iface_down()

commit d525d831c97b4112ba8d70db3ace76f29f51e7e7
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 11 13:09:56 2012 -0400

    * undo accidental commit to kernel_netlink.c in previous commit.
    
    (that patch was still under testing and was accidentally committed)

commit 422c3e6166ca43b5452b24f1eb7a298d48194bd6
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 11 13:01:54 2012 -0400

    update changes

commit 6ef7136c6dc32db790064110eca8c432b1ba1948
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 11 13:00:22 2012 -0400

    * Fix potential strncat() failure in format_end()

commit da07ef5c15465888d375b3d33b7d090a807ec0cc
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 11 12:32:57 2012 -0400

    * More strncat() safety checks

commit dc5a3a88ff9bca84e723685223132d63165696d3
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 11 12:15:12 2012 -0400

    updated changes

commit 68a57612b63d28a6674dc72e8740c41b9b386a79
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 11 12:12:11 2012 -0400

    * Additional safety checks to alg_info_snprint_esp() and alg_info_snprint_ah()
    
    Similar issue as with commit 08cf475d7dc

commit 623c7087ea41400cd5e967f0d12a2ee3d6f562b0
Merge: 55097de 8c4cc70
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 11 12:01:37 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 55097de9e240db84b956128b6f5a5de547d6226d
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 11 12:01:21 2012 -0400

    updated changes

commit 08cf475d7dc3ae74407e16d808b17428f89b4f11
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jun 11 11:55:41 2012 -0400

    * Additional safety checks to addrtot(), inet_addrtot() and sin_addrtot()
    
    These functions when used properly are passed a char of size ADDRTOT_BUF
    which is more than enough to strncat "<invalid>" into.  But scanning
    tools don't know about these and show red flags in case something smaller
    is passed.
    
    So now we check if the dstlen passed in is smaller than sizeof("invalid")
    
    At least if someone would call these functions with chars that are too
    small, we just truncate the text "<invalid>".

commit 64be34602346c23993935068f07dd4bf76012bd5
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Jun 10 17:56:20 2012 -0400

    * sync patches with variables names
    
    ESP_reserved -> ESP_RESERVED
    IPCOMP_V42BIS -> IPCOMP_LZJH

commit 8017b30aa3c23a7c91eafbf832736b0721165fd0
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Jun 10 14:17:17 2012 -0400

    updated changes

commit 8c4cc708ff398a2addd2923d9e461078b1a714f7
Author: Panagiotis Tamtamis <tamtamis at gmail.com>
Date:   Sun Jun 10 14:13:57 2012 -0400

    * Block rules created by openswan remain even after tunnel establishment
    
    bugfix for #1334
    
    Detail analysis
    
    Problem text refers to block policy rules (bare shunts) which are created
    by openswan and remain in kernel for ever until service is restarted.
    This is happening if the user manually adds policy rules.
    
    If a manual policy rule is added, this will trigger an ACQUIRE
    message. ACQUIRE will be handled by openswan by the following manner:
    
    A valid conn will first be searched at initiate_ondemand_body function
    at find_connection_for_clients.  If a valid connection is not found
    then cannot_oppo function is call.  This function at the #ifdef KLIPS
    part of code will call the replace_bare_shunt function. This function
    is called with failure_shunt = FALSE and the transport protocol != 0.
    What it is going on now is wrong!
    
    openswan goes inside this function in order to delete the policy rule
    which triggered the ACQUIRE msg (as it is stated from trace message). But
    transport protocol is != 0. So instead of delete performs an addition!
    By that way a bare shunt or block policy rule is created in NETKEY stack
    which cannot anymore be deleted by openswan.
    
    In my opinion pluto, even if the user does not "properly use" openswan
    by adding a manual policy, should not add and moreover let those block
    policy rules in the kernel.  Since those are added by openswan should also
    properly delete them.  In NETKEY the default value of the parameter level
    is "required" which means that no unencrypted traffic will go out until
    an SA is fully established so a block rule is not required!  KLIPS might
    need that but this part of code should not be executed under NETKEY stack.
    
    Furthermore even in a proper use the code has a bug.  Let's assume now
    that a very very simple host to host tunnel is erouted.
    
    Pluto will add a policy (trap) to the kernel. When a ping is sent from
    one host to the other this will trigger an ACQUIRE message to tell
    pluto to establish a tunnel.  Now the connection is found (proper use of
    openswan) at initiate_ondemand_body function.  Code will go to assign_hold
    function at line 860. assign_hold at the if statement eclipsable(sr)
    will return true since it is a host to host tunnel and this later will
    call free_bare_shunt function which will print "delete bare shunt:
    null pointer".
    
    In conclusion, the analysis is that those 2 IFDEF KLIPS code flows should
    not be executed if NETKEY stack is used.  Below are traces from ACQUIRE
    message in host to host and subnet to subnet erouted tunnel in "normal
    use".

commit 8ac9f628bf14bb5f919828f55b0d63cbd98bb53f
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jun 7 18:03:54 2012 -0400

    * addconn: Add IPv6 support for defaultroute/nexthop lookups
    
    This support is both for using the new unbound_resolve as well
    as the old ttoaddr()

commit 05506326feca7ec8f5c938724a1d4c7566379e3f
Merge: 237eddf 38001cd
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jun 7 17:21:14 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 237eddf6689ba6572ca0328c77872fe43fbe8185
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jun 7 17:17:11 2012 -0400

    * Fixup the unbound_resolve() code.
    
    I was confusing err_t and char * and returning unmalloc'ed chars.
    
    When moving the DNSSEC code into its own library I will ensure to
    only use static strings for err_t. For now, I changed the type to
    bool or err_t within the DNSSEC ifdef.
    
    (Thanks to dhr for going over this code with me)

commit 38001cd5738aba516078447b998c23ed0930a8be
Merge: 028fe09 3843922
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jun 7 15:09:58 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 028fe09fc4d1573321b5aab69196a06a15ae01df
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jun 7 15:08:06 2012 -0400

    * Log a warning for NETKEY/XFRM breaking RFC 4301, Section 5.2
    
    When setting up a transport mode connection with a protoport selector,
    the Linux NETKEY/XFRM stack will accept any encrypted packets between
    the hostpairs, and not just the ones covered by the selector. We log
    a warning about this.

commit 38439225e4c1f18e6795031dca6338ebdc9eeb2f
Merge: 629e702 2639740
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jun 6 20:22:04 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 629e702fc12480ed92de6e1e9c4e8190d2894c79
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jun 6 20:20:35 2012 -0400

    * DNSSEC: added root and DLV (dlv.isc.org) key for dnssec validation
    
    This hardcodes the root and DLV keys. These are long term keys, and
    it would be nice to handle this differently later. For now it avoids
    dependencies on these key files (in various odd formats) elsewhere.

commit 0fcaeab77320a27233d9bbcbc8fe551cad9d2d3f
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jun 6 20:17:41 2012 -0400

    * DNSSEC: Introduced new option USE_DNSSEC
    
    Defaults to true in this tree as it is deemed a development tree now.
    
    This is a proof of concept. Makefiles will need to get adjusted when
    the unbound cacher code moves into a library.
    
    This option requires the libunbound (http://unbound.net/)

commit b99843f8920bc63c9a84df825eaacbbc7f0b77f4
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jun 6 20:14:18 2012 -0400

    * DNSSEC: Converted addconn.c from ttoaddr() to using libunbound()
    
    Also warn if resolving was performed but the lookup was not validated.
    (we'll see how spammy it gets)
    
    Other readconf/parsing routines called by addconn.c still call ttoaddr()
    
    Note this is a proof of concept only. Some of this will have to move
    to a more generic place to get re-used by other binaries and libraries.
    
    ttoaddr() at some point calls gethostbyname() which is blocking. So
    this is a simple replacement using unbound that is also blocking. It
    does use a shared cache if you would use it to load all conns.
    
    Addconn.c does not resolve left/right directly, but only the defaultroute
    options and nexthop values.
    
    It needs more testing to confirm IPv6 works, but it seems ttoaddr() did not
    fully support ipv6 to begin with.

commit 224e23bcec99692b214773923799e54608f88a83
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed Jun 6 13:22:12 2012 -0400

    * Fix endif statement in Android ICS workaround

commit 308fa7dd5037793ac5439eda8fbda4e2971c1f31
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed May 30 15:18:17 2012 -0400

    updated changes

commit b5e0a262187ca55d9d1b53a8be044a41d1676392
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed May 30 15:05:08 2012 -0400

    * Always assume UDPFROMTO works on Linux and BSD
    
    - Phased out UDPFROMTO_DEFS
    - Moved HAVE_UDPFROMTO, HAVE_IP_RECVDSTADDR and HAVE_IP_PKTINFO defines to arch
      specific sysdep.h versions of bsd and linux
    - Fixes a bug where compiling just NETKEY and no KLIPS support would lose HAVE_UDPFROMTO

commit 526fc702fc5a6f8d36d7e1fd13ed82a45b3c93a1
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed May 30 14:09:12 2012 -0400

    * Remove "ipsec copyright" command
    
    The text was always extremely outdated anyway. Proper copyrights
    and credits are in the source and distros tend to distribute those
    files as well.

commit 3a8801f9a1ca258d76c43463c95343707ccbe9b8
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed May 30 13:52:57 2012 -0400

    * Remove unused MD2_DIGEST_SIZE

commit 36b9caa758815e96914316da9e7ff4eb179c9d1c
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed May 30 13:50:57 2012 -0400

    * Only set MODP768_MODULUS with USE_VERYWEAK_DH1

commit 2639740e37cca6f9ca824310bf0faf55849dae1a
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed May 30 13:25:44 2012 -0400

    * one #endif ended up being an #end by mistake

commit 0c2705bf3947d5edc2fcce4da13b89d78fc5f2ec
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri May 25 17:56:35 2012 -0400

    * Testing: remove double == in testcase echo line to avoid confusing

commit 2f5d4356167b553833aa4e9d75d81c7b409080c8
Merge: 1aa4b0a e474937
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue May 22 12:40:02 2012 -0400

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 1aa4b0a1dcd46cbffec5f8f0ac145aa0f648dcf6
Author: Paul Wouters <paul at libreswan.org>
Date:   Tue May 22 12:37:50 2012 -0400

    * Remove KLIPS define in initiate.c
    
    This define was supposed to limit some OE/on-demand code to KLIPS, but
    there is really no reason anymore to do that as NETKEY can also do this.
    As everyone on Linux enabled KLIPS support anyway, it was always there.
    
    But now we also check/enable some initiate code when the currently used
    stack is NETKEY.

commit e474937fef9fe80b3a961db00d2c39b26ef9430b
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun May 20 13:30:16 2012 -0400

    * Workaround for Android Ice Cream Sandwich ipsec-tools 0.8.0 bug
    
    ipsec-tools 0.8.0 mistakenly sets some NAT-OA fields that are defined
    in RFC1374 as "always zero". We define these as "ft_mbz" (Must Be Zero)
    
    This workaround changes the type to "ft_nat" (Natural number) and
    then ignores it.
    
    What we really need is the "ft_mbz" case to log and zeroise, but I
    could not get the pointer magic working.

commit ef189bb983c6bca1d3972d57caf907a1c660825d
Author: Paul Wouters <paul at libreswan.org>
Date:   Fri May 18 16:02:22 2012 -0400

    * remove duplicated history (and test commit)

commit 523226da1f3f3c431065da96489d13139418f0ca
Merge: 6cd4429 74c2a46
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu May 17 09:36:12 2012 -0400

    Merge remote-tracking branch 'openswan_master/master'
    
    Conflicts:
    	CHANGES
    	programs/pluto/ikev2.c

commit 74c2a46b5562920f7849761748e026e19991b4be
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu May 17 10:58:20 2012 +0300

    update CHANGES for AES-GCM fix

commit 81778fcad5c3ebb966b02fc9af0fc7c0fbead678
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Thu May 17 10:53:18 2012 +0300

    Fix for three AES-GCM issues with key lengths 128, 192, 256 bits and IV
    of 8, 12, 16 bytes as per RFC 4106.
    
    1. AES-GCM for key length 256 for all 3 variants
    (IV of 8, 12, 16 bytes) does not work.
    
    2. AES-GCM negotiation for ESP during IKE exchange does not
    inter-operate with any other implementation, because Openswan
    sends wrong key length values. RFC 4106 defines that key lengths of
    128, 192, 256 should be used during IKE exchange, whereas key
    lengths + 4 bytes should be calculated as final keys to be sent
    to kernel for ESP. However, Openswan sends key length + 4 bytes
    during IKE exchange and breaks interop with other implementation.
    
    3. RFC 4106 only allows 3 key lengths of 128, 192 or 256 bits, but
    Openswan lets configure any key length which should not happen, and
    configuration should be limited to only the specified lengths in
    the rfc.
    
    Signed-off-by: Tuomo Soini <tis at foobar.fi>
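
The key-length handling described in the AES-GCM commit above, as an added example (not code from this commit or from the Openswan/libreswan tree; all function and struct names are hypothetical). Per RFC 4106 the IKE Key Length attribute carries only the AES key size, while the KEYMAT handed to the kernel is that key followed by a 4-octet salt:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GCM_SALT_BYTES    4   /* RFC 4106: 4-octet salt follows the AES key in KEYMAT */
#define GCM_MAX_KEY_BYTES 32

/* Hypothetical container for the material passed to the kernel SA. */
struct gcm_esp_key {
	uint8_t key[GCM_MAX_KEY_BYTES];
	size_t  key_len;                 /* AES key bytes: 16, 24 or 32 */
	uint8_t salt[GCM_SALT_BYTES];
};

/* Issue 3: only the three AES key sizes are acceptable in configuration. */
int gcm_keylen_allowed(unsigned bits)
{
	return bits == 128 || bits == 192 || bits == 256;
}

/* Issue 2: value to put in the IKE Key Length attribute.
 * It is the AES key size itself, never key size + salt.
 * Returns 0 when the configured size must be rejected. */
unsigned gcm_ike_keylen_attr(unsigned configured_bits)
{
	return gcm_keylen_allowed(configured_bits) ? configured_bits : 0;
}

/* Bytes of KEYMAT to derive for one ESP SA: AES key plus salt.
 * Returns 0 for a key length that should never have been negotiated. */
size_t gcm_keymat_bytes(unsigned negotiated_bits)
{
	if (!gcm_keylen_allowed(negotiated_bits))
		return 0;
	return negotiated_bits / 8 + GCM_SALT_BYTES;
}

/* Split derived KEYMAT into AES key and salt; -1 on any length mismatch. */
int gcm_split_keymat(const uint8_t *keymat, size_t keymat_len,
		     unsigned negotiated_bits, struct gcm_esp_key *out)
{
	size_t need = gcm_keymat_bytes(negotiated_bits);

	if (need == 0 || keymat == NULL || out == NULL || keymat_len != need)
		return -1;
	memset(out, 0, sizeof(*out));
	out->key_len = need - GCM_SALT_BYTES;
	memcpy(out->key, keymat, out->key_len);
	memcpy(out->salt, keymat + out->key_len, GCM_SALT_BYTES);
	return 0;
}

int main(void)
{
	/* Constructed sample KEYMAT (0x00..0x23), not real key material. */
	uint8_t keymat[36];
	struct gcm_esp_key k;
	size_t i;

	for (i = 0; i < sizeof(keymat); i++)
		keymat[i] = (uint8_t)i;

	/* 160 is what a sender produces when it wrongly adds the salt
	 * to the advertised key length; it is rejected here. */
	printf("attr for 128: %u, attr for 160: %u\n",
	       gcm_ike_keylen_attr(128), gcm_ike_keylen_attr(160));

	if (gcm_split_keymat(keymat, sizeof(keymat), 256, &k) == 0)
		printf("key_len=%zu salt[0]=0x%02x\n", k.key_len, k.salt[0]);
	return 0;
}
```
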

commit 6cd4429aa0a2d53466dec005e4c650b0dbb7beba
Author: Paul Wouters <paul at libreswan.ca>
Date:   Wed May 9 22:08:19 2012 -0400

    updated changes

commit 05de145b00abce435ea8e843b2e50f5bc76158bb
Author: Paul Wouters <paul at libreswan.org>
Date:   Wed May 9 22:04:33 2012 -0400

    * Make the nss crypto library mandatory
    
    - Removed custom crypto code
    - Also removed md2 algo which was apparently used in some old certificates.
    - Fixed some warnings on unused variables

commit f403742a9916a93c259421fcf873e455408e852c
Author: Paul Wouters <paul at libreswan.ca>
Date:   Tue May 1 11:32:29 2012 -0400

    * bump WHACK MAGIC to detect version mismatch with other swans
    
    We leave WHACK_BASIC_MAGIC the same, so a package upgrade from
    one swan to the other swan will still work properly.

commit 976935a57a62f93085a791d244d7c876664532fa
Author: Paul Wouters <paul at libreswan.ca>
Date:   Tue May 1 11:20:39 2012 -0400

    * Fixup some credits. Remove merged contrib code for selinux

commit e0ae5cae7c461bdf8576c6bcc6564eddae1094c9
Author: Paul Wouters <paul at libreswan.ca>
Date:   Tue May 1 11:16:26 2012 -0400

    updated CHANGES

commit 36d4f37be455d315b3593c48db45b54ba0d70c31
Author: Paul Wouters <paul at libreswan.ca>
Date:   Tue May 1 11:10:47 2012 -0400

    * Remove support for kernel 2.5.x. We only support 2.4, 2.6 and 3.x

commit 4a78018321d29b94ac5d1bb8a03b00b1a6ad8675
Author: Paul Wouters <paul at libreswan.ca>
Date:   Tue May 1 11:02:28 2012 -0400

    * Remove support for kernels without snprintf

commit dc3a8a74dfa55100739d34d28bbb8d921b9a1531
Author: Paul Wouters <paul at libreswan.ca>
Date:   Tue May 1 11:01:07 2012 -0400

    * Remove support for kernels not supporting MALLOC_SLAB

commit bef9308a73d189763ed9cad677cbdde05567082a
Author: Paul Wouters <paul at libreswan.ca>
Date:   Tue May 1 10:53:05 2012 -0400

    * Remove remaining pre 2.4.4 kernel support

commit 168470919ace441cd684e3e9e4dbcbba65809e03
Author: Paul Wouters <paul at libreswan.ca>
Date:   Tue May 1 10:49:54 2012 -0400

    * Remove pre 2.4.4 IP_FRAGMENT_LINEARIZE compat code

commit dba5243a8e512640acedbdb2a96cc431d59032b1
Author: Paul Wouters <paul at libreswan.ca>
Date:   Tue May 1 10:47:54 2012 -0400

    * Remove pre 2.4.4 kernel compat for PROTO_HANDLER_SINGLE_PARM

commit aacf99f88d31865d8a812ed3f67d379d7a0d18bd
Author: Paul Wouters <paul at libreswan.ca>
Date:   Tue May 1 10:46:32 2012 -0400

    * Remove compat code for SKB_COW_NEW for < 2.4.4. kernels

commit 0e9a8e7ed74b9333091238a6635e4c97e3e8f2b3
Author: Paul Wouters <paul at libreswan.ca>
Date:   Tue May 1 10:43:58 2012 -0400

    * Remove compat old/broken IP_SELECT_IDENT for < 2.4.2 kernels
    
    Also removes support for broken 2.4.19 suse kernels

commit e25587cf4425b6b733f4fba4a04e1dd233a33de3
Author: Paul Wouters <paul at libreswan.ca>
Date:   Tue May 1 10:39:18 2012 -0400

    * Remove SKB_COPY_EXPAND for < 2.3 kernels

commit 515d84e89cf79d5fa146abe58588da563dd0e679
Author: Paul Wouters <paul at libreswan.ca>
Date:   Tue May 1 10:36:04 2012 -0400

    * Remove /proc dummy code for old kernels (PROC_NO_DUMMY)

commit 31aa26de1aaf9a7e5d826a25b8668800b97bd5d0
Author: Paul Wouters <paul at libreswan.ca>
Date:   Tue May 1 10:34:58 2012 -0400

    * Always add support for alias capability (CONFIG_IP_ALIAS)

commit b42af089fb0702d13f1af34ec304dadedba03fb0
Author: Paul Wouters <paul at libreswan.ca>
Date:   Tue May 1 10:33:55 2012 -0400

    * Always add support for alias capability (CONFIG_IP_ALIAS)

commit 1a33f59063a6db5a565e414362e5994e371bbbe6
Author: Paul Wouters <paul at libreswan.ca>
Date:   Tue May 1 10:32:52 2012 -0400

    * Remove support for NET_23 (kernels before 2.3)

commit 88f79de57d6e366034b9f6cc861efa96eba36643
Author: Paul Wouters <paul at libreswan.ca>
Date:   Tue May 1 10:26:37 2012 -0400

    * Remove kernel support predating NETLINK

commit 3da668240f48c006b62c451ad8faa89d730149b0
Author: Paul Wouters <paul at libreswan.ca>
Date:   Tue May 1 10:17:11 2012 -0400

    * Remove /proc support pre-2.4 kernels (PROC_FS_2325/PROC_FS_21)

commit a41fbbce2aa00048ed34c025f1a9a75b092260e2
Author: Paul Wouters <paul at libreswan.ca>
Date:   Mon Apr 30 23:43:30 2012 -0400

    * Remove more old 2.1 and 2.3 kernel code

commit a4a398b9bad1b2def31f3ddf75fe8e81e193ce28
Author: Paul Wouters <paul at libreswan.ca>
Date:   Mon Apr 30 23:16:29 2012 -0400

    * Remove support for kernels without SPINLOCK and SPINLOCK_23
    
    These are all pre 2.4 kernels.

commit 60c45c6993221ccad248b559b952b31fd8018c65
Author: Paul Wouters <paul at libreswan.ca>
Date:   Mon Apr 30 22:21:56 2012 -0400

    * Remove support for Linux kernels < 2.1.0 via NET_21 define

commit 171d2f6c276e6e7757cf3dec4356c2243a6f54e6
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Apr 29 23:39:29 2012 -0400

    * IPSECKEY: no longer split the string as required for old TXT records.

commit e141565eab35acf49572cb73611993148a716116
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Apr 29 23:34:51 2012 -0400

    * Fixup IPSECKEY support with ipv4/ipv6 family and support --precedence
    
    Also updated the man page to reflect the changes made.

commit b275c0c6820adb0ea634e2f0dbfcbcb70a57ed9c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Apr 29 22:45:38 2012 -0400

    * Updated ipsec showhostkey to support IPSECKEY
    
    Also removed support for KEY and TXT record, and removed stub
    options for x509 options that were not implemented.

commit 8ca36783dd35b6ce7575a36dfa59e9ccb4deab9a
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Apr 26 18:12:56 2012 -0400

    * Removed strict mode option via '!' flag.
    
    Also removes the entire flags= section from status output, as strict
    was the only flag we had.

commit 463ce6c77c42baa32bdc324f4b9f9675a89fd4fa
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Apr 24 08:36:22 2012 +0300

    update CHANGES for bug #1329 fix

commit 31415c27ae4c7d2bf1de2ae20f7357aa28ad8df6
Author: Steve Lanser <slanser at tallmaple.com>
Date:   Tue Apr 24 08:26:14 2012 +0300

    Fix the IKEv2 crasher seen in the 2nd update to issue #1329.  We need
    to allow complete_v2_state_transition() to handle errors with reason for
    failure (as described in commit 3bdc91faf5d492e65ceeaede9320f2b81c779fb1),
    and to send an error response to the peer.  Continue to abort for the
    STF_TOOMUCHCRYPTO case which is called out separately, and for other
    cases where state is expected. Note that DoS detection and control should
    be handled at a higher level.
    
    Signed-off-by: Tuomo Soini <tis at foobar.fi>

commit 168369e4cf80050ef9e4112f354f2f1737d813c4
Author: Paul Wouters <paul at libreswan.org>
Date:   Sun Apr 22 23:25:33 2012 -0400

    * Remove USE_LWRES support
    
    This completely removes the partial outdated statically linked ISC
    stuff for dnssec. It will be replaced by ldns/libunbound code.

commit f7b216110303068467b6341b5b80ded1aa891c25
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Apr 21 23:55:19 2012 -0400

    * Fix generating libreswan versions based off git
    
    And remove support for obsolete versions of git

commit 00beb8a99a93ac7318848f19f63e58730ef543ac
Author: Paul Wouters <paul at libreswan.ca>
Date:   Sat Apr 21 23:36:21 2012 -0400

    * Change our vendorid prefix to "OEN"
    
    Vendor ID will be redone soon to not require md5 runtime, which is
    a problem in fips mode.

commit 10acb2d0b646781586730495ee63d7deb16d987e
Author: Paul Wouters <paul at libreswan.ca>
Date:   Sat Apr 21 23:01:09 2012 -0400

    * Initial fork commit

commit 58d49a5103cd55c0f871bda97c0961b68ebc0629
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Apr 18 08:17:04 2012 +0300

    update CHANGES for bug #1308 fix

commit 9b187016d7e9017281ab4780cae7a272f95c338e
Author: Matt Rogers <mrogers at redhat.com>
Date:   Wed Apr 18 08:10:15 2012 +0300

    Fix for bug#1308: forceencaps= setting does now show up in status output.

commit a6c7acb739780aadaaf076100c4753cd760eedac
Merge: fb35ee3 5875a24
Author: Antony Antony <appu at phenome.org>
Date:   Thu Apr 5 00:34:54 2012 +0200

    Merge remote-tracking branch 'turk/master'

commit 5875a24d314171760b679cd04888797d89058ba6
Author: Antony Antony <antony at phenome.org>
Date:   Wed Apr 4 18:31:33 2012 -0400

    fix test config

commit fb35ee36a31909cee0c9f784146e80bc46c54ff7
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Mar 26 16:50:47 2012 +0300

    updated CHANGES

commit 4a5d36cb496dcb3d869d5a0417500d88591f8a2e
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Mar 26 16:24:08 2012 +0300

    Silence error message when DN is loaded to ID with %fromcert

commit 8593ed4ae8be46598abd7068dc57949ee5c1cb0b
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Mar 26 11:03:07 2012 +0300

    Fix url to bugs system.

commit a337b09e2aa8140136ab60217974327c7223b1ca
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sat Mar 24 01:41:54 2012 +0200

    updated changes for v2.6.39

commit 1639ae503659ddcc7f93fa79671860218aa16025
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Mar 23 23:05:37 2012 +0200

    update CHANGES

commit e09605eb144f3922a7037c93a3b658d5ae416a93
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Wed Mar 21 14:32:01 2012 +1000

    Fix up support for ipv6_skip_exthdr on linux-3.3
    
    linux-3.3 kernels and later now take an extra arg for ipv6_skip_exthdr
    that I don't think we need to worry about.  Deal with it in a flexible way.

commit 65ed395a8f32d453f50c2c853a6bf594b7c3f530
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 20 12:35:47 2012 -0400

    * IKEve testcases for port narrowing

commit d330fcbfa9144e53c1542b0c22ff8bb768934af0
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 20 07:34:03 2012 -0400

    * IKEv2: forward port of ikev2_evaluate_connection_port_fit handling

commit 20c8efa0383c7b7b46e07bb09ccd07bbb8e2f87d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Mar 14 14:21:59 2012 -0400

    * remove some unused variables from iprange.c

commit d335edbe803c75b921171d15a4305105333c8513
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 13 22:59:04 2012 -0400

    slightly better ikev2 traffic selector mismatch code

commit 1d796c1dba446c264cdd551982ba004e2aa37797
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 13 22:09:12 2012 -0400

    * return STF_FAIL + TS_UNACCEPTABLE for now to avoid more issues

commit 399cd4751cb267d9a491e83eb40a30a75a86ab4f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 13 16:47:58 2012 -0400

    esp_transformid_names not esp_transformid_name

commit 173c4da76e8a1531066bfd095439efa55dbab4f9
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 13 16:32:02 2012 -0400

    * fix logging call to use enum_name(), not enum_names()

commit b6810940cb51dccd8b68088c5f7657993932bac1
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 13 16:18:39 2012 -0400

    Fix signedness of dc.ptr pointer cast

commit f9143cdadaa4bc0970d8254e7650122ee78ba53d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 13 16:13:23 2012 -0400

    missing format argument

commit e6799072f6847644b37b06a78afba5393ba4fe4e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 13 16:10:55 2012 -0400

    * fix exact TSr/TSi match.

commit 3bdc91faf5d492e65ceeaede9320f2b81c779fb1
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 13 13:14:09 2012 -0400

    * IKEv2: always pass reason for failure to complete_v2_state_transition()
    
    We were changing STF_FAIL + reason to STF_FAIL, causing us to log with
    empty reasons, eg:
    
    133 "test" #1: STATE_PARENT_I1: initiate
    133 "test" #1: STATE_PARENT_I1: sent v2I1, expected v2R1
    134 "test" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=aes_128 integ=sha1_96 prf=oakley_sha group=modp2048}
    200 "test" #2: STATE_PARENT_I2: (null)
    
    Now the last line properly prints:
    
    238 "test" #2: STATE_PARENT_I2: v2N_TS_UNACCEPTABLE

commit a99771733f659252de7381a6dee9bd83d3ab206a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 13 12:14:19 2012 -0400

    * IKEv2  Code dealing with parent success, child fail, was bad
    
    Reverted it to always send the AUTH payload again.

commit 4d0d228e0a519a0a6a73bb55bbbea5f191c30faa
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 13 11:50:48 2012 -0400

    * err_t excuse was only ever set to "not sure" - removed

commit 01bf3f3633977d0177e74d8c28722be3c277bb6a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 13 11:12:25 2012 -0400

    * testing: The IKEv2 tests use "west-east-base" which was split out.
    
    Added it back with two also= includes for west-east-base-id and
    west-east-base-ipv4

commit 365ab87a86e3de70756e2ecb0b6ff10f63ef4284
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 13 10:53:31 2012 -0400

    * IKEv2: change order of ikev2.h / demux.h for struct payload_digest

commit 8c02060f97ba547ee726ebf7288801725548dfe9
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 12 16:13:07 2012 -0400

    updated CHANGES

commit 3d277cebda58d2a24bc4fa1591d2e0c59c457f37
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 12 16:10:05 2012 -0400

    * IKEv2: sync back Changes from RHEL
    
    These relate to deleting SAs, Information Exchange, and Traffic
    Selector narrowing.

commit c97e5670e217329febc3c4262b0a3d93a4d407c7
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 12 11:45:18 2012 -0400

    * IS_CHILD_SA_ESTABLISHED() now also checks for st->st_clonedfrom != SOS_NOBODY
    
    While this should not be necessary there is some confusion about
    child states in IKEv2 (and IKEv1 Aggressive Mode). In IKEv2, both
    the parent sa and a child sa show up as PARENT_STATE_I3/R2.
    
    Conflicts:
    
    	include/pluto_constants.h

commit 13708d51b8d0fdb4fd3984ef1b2d32601eb42095
Merge: a0169a3 e3ad704
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 9 01:53:19 2012 -0500

    Merge branch 'master' of ssh://vault.openswan.org/openswan/openswan

commit a0169a383d250e69e14dfb64fd9123d196adc090
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Mar 8 13:51:12 2012 -0500

    * change rmmod order for ipcomp/ipcomp6
    
    Our simple grep test for ipcomp triggers on ipcomp6, so when you
    have ipcomp6 loaded but not ipcomp, it will show a (harmless)
    error about ipcomp not being loaded.

commit e3ad704d94d561ac2c8a7767f593b4cf772e07ab
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 6 20:53:41 2012 -0500

    Only log directory changing of the X.509 stuff in DBG_CONTROLMORE.
    
    We were getting spammed with useless messages like:
    
    Jan 17 13:26:38 tb7 pluto[32270]: Changing to directory '/etc/ipsec.d/crls'

commit c5932f8992600b6a1302814f26d87c8fe8fca34e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 6 20:53:07 2012 -0500

    * fix unhandled case IKEv2_AUTH_HMAC_SHA2_256_128_TRUNCBUG
    
    The compiler was so kind to help us, nice enums....

commit a1405234faaa2608412f06b2c2e4a0da819b30a5
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 6 20:52:29 2012 -0500

    * Forgot to rename IKEv2_AUTH_HMAC_SHA2_256_128_TRUNC
    
    to IKEv2_AUTH_HMAC_SHA2_256_128_TRUNCBUG.

commit 5701ad75b1235b4f9ddb8652be0e2e39c4bf5ef9
Merge: 1ccfc5b e721cab
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 6 20:37:01 2012 -0500

    Merge branch 'master' of ssh://vault.openswan.org/openswan/openswan

commit 1ccfc5bd006c25c46c2e98a1b2ba5b4879d41571
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 6 20:35:16 2012 -0500

    * Remove unused defines from include/ipsecconf/files.h

commit e721cab9c1e88b0c772f89254ef5190044977d07
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 6 19:35:29 2012 -0500

    updated changes

commit b102e8b3c4c32e1d16f370fa1adbdf69b7040fe0
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 6 19:32:01 2012 -0500

    * Remove unused bucketno argument from state_hash()
    
    We only ever had it set to NULL.

commit e927841b2d139bf9b79f25176cdd1295171fb37f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 6 19:10:46 2012 -0500

    * Remove USE_IPROUTE2= flag - we always require it
    
    This mostly affected _updown.klips/*.in which had two versions,
    and now only has the one based on iproute.

commit 644b780c7164a61d426bce903393dbb90c733a22
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 6 18:22:24 2012 -0500

    * Fix XAUTH unbound hooks again
    
    domain name and nameserver IPS got mixed up. Also sync'ed up the
    klips/mast versions to the netkey version.

commit 94921c7c6e7a498a482af9adfa703c8a9daad645
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 6 14:00:19 2012 -0500

    * Remove SElinux check from "ipsec verify"
    
    The policies allow a lot, and we have direct communication with the
    SElinux people when we find new issues.

commit ef442c5c79a8e8cd176147d8250673635746a1e3
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 6 13:58:29 2012 -0500

    updated changes

commit deeaa8a662bd7054e2d8bec6516c3d99b66d33d6
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 6 13:47:54 2012 -0500

    * SAREF: fix all patch versions to use new numbers for SAREF
    
    That is, use IP_IPSEC_BINDREF=30 and IP_IPSEC_REFINFO=31

commit 1573998a2020b2f4334d4e8328bc5f2b736d7561
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 6 02:12:02 2012 -0500

    * more SHA2 Trunc cleanup, re-instate accidentally lost case CD_IKELIFETIME:
    
    Also add man page that I forgot to add earlier

commit f57bd5f18b30e32b5874ced61a423733536986cf
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 6 01:45:55 2012 -0500

    * Remove older version of sha2 trunc support

commit 31d1fc057f7097db931b459778c63fad485b9e51
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 6 00:57:25 2012 -0500

    * Backwards compatibility with broken SHA2 truncation using sha2_truncbug=yes
    
    Instead of passing a fake algorithm all over the negotiation, track
    this in the connection object, and only pass the fake algorithm in
    the call to kernel_ops->add_sa(). This saves us from needing to hack
    the out_attr() proposals and re-interpreting incoming proposals.
    
    Currently, only the NETKEY stack supports this.

commit 094e119c59213f62b43b50cecae10bc14f300a14
Author: Hugh Redelmeier <hugh at mimosa.com>
Date:   Mon Mar 5 22:56:05 2012 -0500

    * ikeping: Fix for strict alias warning in ikeping.c
    
    Note: it still prints cookies in assumed host order

commit f4386d5587daebb8ae9a453fdc0b28d3771a01d5
Merge: d9cc8e2 02fdc15
Author: root <root at thinkpad.nohats.ca>
Date:   Mon Mar 5 20:33:02 2012 -0500

    Merge branch 'master' of ssh://vault.openswan.org/openswan/openswan

commit 02fdc15dad830f140f8c8da8d562f190dc034485
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 5 17:28:39 2012 -0500

    * SHA2: Improvements on commit d7694d3a8db2e358dbd911a4138ed63926b86f3d
    
    - This fixes / updates various isakmp registry values
    - Translate sha2_256-96 to sha2_256_trunc-256
    - Instead of using 61440 for our private use value, use 252 (since there is
      confusion about sadb vs aalg being 2 vs 1 octet and these two are mapped
      with functions like alg_info_esp_sadb2aa() / alg_info_esp_aa2sadb2())

commit 6621398dfc4f517ba4dcdd46cc09bec4ee74671b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 5 14:51:15 2012 -0500

    * Fix authalg in esp_info to be u_int16_t, not u_int8_t
    
    The compiler did not warn us about this, and setting a private use
    number (61440) ended up setting just the least significant octet.
    
    Why we have auth and authalg, and those numbers being "mostly"
    authalg=auth+1 (which actually is only true for MD5 and SHA1) and
    a mapping function alg_info_esp_sadb2aa() is not entirely clear to
    me.
    
    Why alg_info_esp_sadb2aa() uses a switch(sadb_aalg) with case
    values both from SADB_AALG_XXX and AUTH_ALGORITHM_XXX is even stranger

commit a41ba29c53feaeb4a38b34a8df894d38b7ab7910
Merge: d7694d3 3e25c7b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 2 19:15:18 2012 -0500

    Merge branch 'master' of ssh://vault.openswan.org/openswan/openswan

commit d7694d3a8db2e358dbd911a4138ed63926b86f3d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 2 19:08:48 2012 -0500

    * Support SHA2-256 with proper 128 and broken 96 bit hash truncation
    
    The Linux kernel uses a broken 96 bit truncation via xfrm_algo. A
    new structure was added xfrm_algo_auth, that has an additional
    hash length truncation field one can use.
    
    However, openswan has a hard time using and passing this new option
    (as parsing esp=aessha2_256-96 will cause the "96" to be interpreted
     as key length, not hash truncation length), so instead we use a
    "private use" Authentication Algorithm named "sha2_256_trunc".
    
    Example use:  esp=aes-sha2_256_96    (or use phase2= instead of esp=)
    
    This value then needs to be correlated to the real "sha2_256"
    algorithm, before we send it out in our proposal, and we need to
    match it back to our private number on the incoming proposal.

commit d9cc8e25236317f4388759e2931fa52c23b07a98
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 2 18:33:09 2012 -0500

    * Fix loop over random_devices which tried iterating one time too often

commit 3e25c7bcac6000e3c6a4434bd598547b76778dc1
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Fri Mar 2 10:18:02 2012 -0500

    Update debian/rules to also ship the patches for Ubuntu Natty's kernel (2.6.38) and Oneiric's kernel (3.0.0).

commit 0fbb665480fe88ec7c82c8d36e48415d78b79ee5
Merge: 650c2e9 ab93ec4
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Fri Mar 2 10:13:17 2012 -0500

    Merge branch 'master' of vault.openswan.org:/openswan/openswan

commit ab93ec47c7291ddc5a13597419650152e32cdd7e
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Mar 2 16:18:07 2012 +1000

    Do not return errors from parse header op
    
    The code in linux/net/packet/af_packet.c uses the return from this
    function directly for "sll->sll_halen" and things go bad if we return
    -ENODEV, as in complete system crash and burn.
    
    This happens on ppp devices and other devices without a header_op(s).
    
    Just return 0,  which is what netdevice.h does.

commit 58696dbf4b560040d42ccd219058deef4cb3bade
Merge: d0e8519 60e319d
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Mar 2 15:52:24 2012 +1000

    Merge branch 'master' of ssh://vault.openswan.org/openswan/openswan

commit 60e319d4272d5eab9a16390152cd8fcc17330854
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Feb 29 22:01:21 2012 +0200

    fix XAUTH unbound integration only to query unbound pid if cisco xauth is used

commit bf5f8d667a08890532a66df8026de0ed29ed5ec7
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Feb 29 21:15:05 2012 +0200

    fixup syntax errors from _updown.netkey

commit e23c682f9ee4a554fe5935bedc8b78f394e133b9
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Feb 29 18:03:10 2012 +0200

    Fix typo in narrowing.xml and cleanup formatting

commit 8b55b44a6320469b53031ad06fcd2dd2bbd15a28
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 28 11:32:17 2012 -0500

    * Update manpage to list undocumented phase2=ah+esp to interop with racoon

commit 9cd2c94c41f3a2668283f9bb5a7479dad5f24fd5
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Feb 27 20:09:06 2012 -0500

    updated changes

commit 18f813b36afcab737a94392c050ccc1b548c8ea9
Author: Jonathon Padfield <jonathon.padfield at gmail.com>
Date:   Mon Feb 27 20:08:02 2012 -0500

    * SAref patch ported to linux 3.0.0 kernel

commit bc1e57cb7437abc976019959e8fd44d3ff80789f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 23 01:07:39 2012 -0500

    * XAUTH: Automatically update DNS when unbound is detected
    
    This brings is up to the latest svn unbound syntax for this feature.

commit 9b0a64ccc061ea7ed38633f84530e2cf4a4ea19a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 22 13:47:40 2012 -0500

    minor README.rfcs update

commit a6a4d734bb744df8bbc0a4fc239a0054d42ed33d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 19 23:50:29 2012 -0500

    * Make note in comment about host/network order of msgid_t
    
    The IKEv2 code was doing it badly, mixing up what was host and what
    was network order. We will change this type from rt_raw so that the
    packet marshalling code in out_struct() and in_struct() will deal
    with it properly for us. For now we tried to reduce the ntohl/htonl
    calls by making it host order for ikev2

commit 00369122aa2f2b3524246cf0ddb6ad6a2d0c7177
Merge: 8c67f52 2eef471
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 19 23:16:21 2012 -0500

    Merge branch 'ikev2_ts'

commit 8c67f520370acdd87408cca8770df7241be613b2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 17 10:04:27 2012 -0500

    * updated changed

commit b44418272c1fbd686cb4e7ca860494664270a04b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 17 09:59:14 2012 -0500

    * Rip out the ISAKMP_NEXT_NATD_BADDRAFTS / NAT_TRAVERSAL_OSX hack
    
    This was probably needed before OSX/iOS supported the RFC properly,
    and we had to override it. Now, however it just caused confusion
    and broke a proper RFC compliant OSX client.

commit ff85d1de33b68259fdc5cafc3a0b97ad790ab1fa
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 17 09:23:25 2012 -0500

    * NAT-T: Fix OSX clients on public IP
    
    We preferred VID_NATT_DRAFT_IETF_IPSEC_NAT_T_IKE over VID_NATT_RFC.
    
    We also send more draft VIDs. We now only send the RFC VID, and the
    VID_NATT_IETF_02_N / VID_NATT_IETF_03 VIDs. The latter two are to
    support Windows XP. The rest of the world has moved on to implement
    the 7 year old RFC properly.
    
    Changed some debugging options, which will require testcase output
    updates.

commit 2eef4713dfb57bc2c6f8ebc77d4c6464aa742086
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 14 01:13:50 2012 -0500

    forgot to rename the ikev2_subnettots prototype

commit e35dc5c5d40cc0ce1740ea73b1f08578c92ee583
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 14 00:39:55 2012 -0500

    * IKEv2: fix traffic selector construction - remove duplicate code.
    
    I renamed ikev2_subnettots() to ikev2_end_to_ts() since it not only
    converts subnets, but also protocol and port range (and sets ts_type)

commit fddf777cfb9504769fdc2eeab933c647309e615e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Feb 13 22:46:20 2012 -0500

    * Attempt to flush the unbound cache for DNS domains obtained via XAUTH
    
    When we receive a domain via PLUTO_CISCO_DOMAIN_INFO, in the updown
    scripts we now check if there is a local unbound resolver running. If so,
    we flush the cache of that domain (and every subdomain of it).
    
    We do the same on disconnect of the VPN.
    
    This will ensure that unbound does not have internal IP entries in its
    cache when dropping the VPN.
    
    Note that we are waiting on unbound to finish implementing the method:
    
    unbound-control forward_zone redhat.com 1.2.3.4 5.6.7.8
    
    That way, once we connect the VPN, we can dynamically reconfigure unbound
    to forward all queries for the PLUTO_CISCO_DOMAIN_INFO to the servers
    we received in $PLUTO_CISCO_DNS_INFO.
    
    This will even work when using multiple tunnels to different domains!
    
    A similar updown script should be written for pppd to ship with xl2tpd,
    so it does the same for IPsec/L2TP connections.

commit 1a7f3e6331929a5be41cdf496086142ce290d72a
Merge: a500d38 b246a96
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Feb 13 21:57:24 2012 -0500

    Merge branch 'master' into ikev2_ts
    
    Conflicts:
    	programs/pluto/ikev2.c

commit b246a96de07fa95766474813b16b7d4ebb7f01de
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Feb 13 21:54:48 2012 -0500

    * IKEv2: log unexpected isakmp protoid in received informational delete

commit b65ebad6c9cd51fe93ad4d974c98d70eb435b506
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Feb 13 21:51:00 2012 -0500

    * IKEv2: increment msgid before using it in process_informational_ikev2()

commit b96cdbcb9ca3b248aa6577163df3f94db314b60d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 9 11:27:06 2012 -0500

    * IKEv2: Adding informational exchange [Avesh]

commit 1985137890bed94b16e914c5a4c4e61a454ca18c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Feb 13 11:32:52 2012 -0500

    * security_selinux.[ch] were not committed in previous Labeled IPsec commit

commit a500d3836ab849749476f1b27a1a45b5b3c65853
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Feb 13 11:32:52 2012 -0500

    * security_selinux.[ch] were not committed in previous Labeled IPsec commit

commit b60ed0e7619fa3193a5af425d2604d5b200c1b08
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 12 23:09:36 2012 -0500

    * Added Labeled IPsec (Requires selinux, disabled by default)
    
    This merges in Red Hat's patches:
    - openswan-labeled-ipsec.patch
    - openswan-711975.patch

commit 13d4f0ad5c7ac380cdbb909dd54bb7d933c1dc33
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 12 23:09:36 2012 -0500

    * Added Labeled IPsec (Requires selinux, disabled by default)
    
    This merges in Red Hat's patches:
    - openswan-labeled-ipsec.patch
    - openswan-711975.patch

commit d478ac619004ce2162a64ac6b7435db72e1e1b56
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 12 22:39:29 2012 -0500

    * IKEv1 fixes to XAUTH/ModeCFG rekey #rhbz658253-658121 [Avesh]
    
    Changed from the RHEL patch to not blindly delete IPs, as we might
    have other reasons to set a SOURCEIP. So only delete when the remote
    peer is of type cisco (eg xauth/modecfg)

commit 5f918b51038b0ad81ec45d16fbad4a5d5b981124
Merge: 3dde6ae c22b1aa
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 12 21:36:41 2012 -0500

    Merge branch 'master' into ikev2_ts
    
    Conflicts:
    	include/pluto_constants.h
    	lib/libopenswan/constants.c
    	programs/pluto/ikev2_parent.c
    	programs/pluto/plutomain.c
    	programs/pluto/whack.c

commit 3dde6ae5e6453550148e8f2b32e5aeeed1c50ab9
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 12 21:28:13 2012 -0500

    * IKEv2: return v2N_TS_UNACCEPTABLE when appropriate
    
    if traffic selector narrowing is needed but not allowed, or if
    the narrowing is not supported (non CIDR network) or the narrowing
    violates our local policy, return v2N_TS_UNACCEPTABLE.
    
    (I don't think this makes it up the call chain properly yet)

commit c22b1aaef827e573f83326e88dcaa25b13b35bda
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 12 21:16:18 2012 -0500

    * IKEv2: increment isa_msg when sending ISAKMP messages.
    
    Added void increment_st_msgid(struct state *st) which is called
    before setting n_hdr.isa_msgid on outgoing messages.
    
    Retransmits re-use the built message, so these are not incremented.
    
    We remember the stored incremented value in st->st_msgid_nextuse
    (which was already part of the struct, but never incremented)

commit 78b07fc196ea786ea4f7630ecb8a098a29b3999e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 12 21:16:18 2012 -0500

    * IKEv2: increment isa_msg when sending ISAKMP messages.
    
    Added void increment_st_msgid(struct state *st) which is called
    before setting n_hdr.isa_msgid on outgoing messages.
    
    Retransmits re-use the built message, so these are not incremented.
    
    We remember the stored incremented value in st->st_msgid_nextuse
    (which was already part of the struct, but never incremented)

commit aed7f2765789e45f9c80efb0089c64c1d782e3ea
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 12 19:21:51 2012 -0500

    fixup

commit 17324fcddefd48c540ca26a11e5499bc47d43e65
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 12 19:09:44 2012 -0500

    * IKEv2: incorporate some of the POLICY_IKEV2_ALLOW_NARROWING checks.

commit 1be435aa4afc7caee3d22fc5c9da037416a06881
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 12 17:30:49 2012 -0500

    * IKEv2: Added narrowing=<no|yes> option for IKEv2 narrowed Traffic Selectors
    
    See "man ipsec.conf" for details. See also RFC-5996 Section 2.9
    http://tools.ietf.org/html/rfc5996#section-2.9

commit 774c9a770a73b510e92928afaea97e1a44f25d5b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Feb 12 00:25:01 2012 -0500

    * Added another work around for the 6in6 testcase regarding connaddrfamily
    
    This time for westnet-eastnet-6in6

commit 5b46e79d807e4ac66132d708b6d1b909f655e325
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 11 22:24:09 2012 -0500

    * Rewrite ipsec.conf.common to work around connaddrfamily issues
    
    connaddrfamily= gets confusing via many also= loads because in some
    cases it cannot and in some cases it should be there. It should really
    be phased out. Once we know left/leftsubnet/right/rightsubnet, we
    can deduce the connaddrfamily. Though a little more complicated on %any
    and %defaultroute conns.

commit b17888348f6c81c397b829cff783922362666238
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 10 22:05:39 2012 -0500

    * subnet checks for traffic selectors, and instantiation framework
    (though latter still disabled)

commit 264fcee6c0aa42f78f5a5ece21c7c986f566ff7a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 10 21:36:46 2012 -0500

    * ikev2 instantiation for traffic selector test

commit 19bdd50171bd0b6cefec7905669bc07d516503dd
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 10 20:00:51 2012 -0500

    ikev2.c cleanup

commit d502b3ead6d5d5bcdcb439441029f5b05191d3d9
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 10 19:56:47 2012 -0500

    comment out wrong spot

commit 6f943cc83ed0d8fa5cedf673fa2bc9b2b737f47a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 10 18:36:00 2012 -0500

    * initial ISAKMP_NEXT_v2TSr payload processing

commit 4d46213bf0e404c0b92d8f3f48c27ef46d23e329
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 10 16:28:51 2012 -0500

    * fix narrow code

commit b09cf232467a19b8086a0a0a6a265bd3cbd13904
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 10 16:22:08 2012 -0500

    * length is in bytes, not bits.

commit 0864b8720fff9c4a978918d392a356000e050334
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 10 15:33:44 2012 -0500

    * IKEv2: Fix Traffic Selector length

commit 5e7819d587b4f80179ce8aac840a4903aeb6c6cf
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 10 15:23:43 2012 -0500

    * IKEv2: Reflect desc name with that the TS payload is singular

commit 0ee3071be0cb00d30c6d3e834d96ba508bb4ce7e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 10 15:15:47 2012 -0500

    * IKEv2: Fix traffic selector endport and set ts_i as well as ts_r
    
    If our port is 0, use 65535 as the endport. Depending on whether we
    were initiator or responder, we were still not setting some traffic
    selector settings

commit 11d44c3204781e6031ec8bc10d4f048f1037974d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 10 14:43:42 2012 -0500

    * IKEv2: ikev2_calc_emit_ts() needs to set TS type for both ends.

commit 3c7b8e7d27bd292631e867e3dc1ef982dc83c7dd
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 10 14:33:42 2012 -0500

    * IKEv2: ikev2_calc_emit_ts() was not setting the Traffic Selector type

commit 6fd6ff3547869b57e650b74930b8630678231818
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 10 14:02:24 2012 -0500

    * IKEv2: missed one AF_INET conversion case in ikev2_emit_ts()

commit 928eac2cb80074d838bc2242944ef95c3d990dc6
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 10 12:50:08 2012 -0500

    * IKEv2: Use IKEv2, not IKEv1 or sin_family traffic selector values
    
    Do not use ID_IPV4_ADDR_RANGE or sin_family, as these do not map one
    to one to the IKEv2 Traffic Selector type.
    
    The code wrongly assumed IKEv2_TS_IPV4_ADDR_RANGE == ID_IPV4_ADDR_RANGE == AF_INET
    
    I changed the name of traffic_selector.sin_family to
    traffic_selector.ts_type to make that more obvious.

commit 0c9d43a4f611c4c047ff58a0bbc41b64f71ec5c8
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 10 11:42:11 2012 -0500

    * IKEv2: fix previous commit - clear the mdp pointer.

commit 6e495ca7a49dc93c24237bd3fe5a671683bd5aaf
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 10 11:42:11 2012 -0500

    * IKEv2: fix previous commit - clear the mdp pointer.

commit fce7fa0c87bd468df4242e19128eca6a884f6fee
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 10 10:50:29 2012 -0500

    * Added testcase for IKEv2 nhelper problem (commit eabf83639)

commit 05edc7769f4c962012fb00e1102dedd01fb5f23a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 10 10:41:54 2012 -0500

    * IKEv2: Initiating IKEv2 with nhelpers=0 failed
    
    This was caused by a special STF_INLINE case in process_v2_packet()
    that claimed:
    
    case STF_INLINE:
    	/* this is second time through complete
             * state transition, so the MD has already
    	 * been freed.
    	 0                  /*
             *mdp = NULL;
             break;
    
    As a result, we never called success_v2_state_transition(mdp)
    
    I am not sure what this code intended to do, as AFAIK, there
    would never be two passes for STF_INLINE. Perhaps this was meant
    for one of the other states, like STFSUSPEND or STF_TOOMUCHCRYPTO?

commit 8948cad07b93c8e42ea40c8a446b41bbe917e90c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 10 10:50:29 2012 -0500

    * Added testcase for IKEv2 nhelper problem (commit eabf83639)

commit eabf83639bde020d5267be8f8e0c70604cfad965
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 10 10:41:54 2012 -0500

    * IKEv2: Initiating IKEv2 with nhelpers=0 failed
    
    This was caused by a special STF_INLINE case in process_v2_packet()
    that claimed:
    
    case STF_INLINE:
    	/* this is second time through complete
             * state transition, so the MD has already
    	 * been freed.
    	 0                  /*
             *mdp = NULL;
             break;
    
    As a result, we never called success_v2_state_transition(mdp)
    
    I am not sure what this code intended to do, as AFAIK, there
    would never be two passes for STF_INLINE. Perhaps this was meant
    for one of the other states, like STFSUSPEND or STF_TOOMUCHCRYPTO?

commit a9b5bc08119c418f6b08f3901d6f84992093e9f5
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 10 00:16:58 2012 -0500

    * undo most debugging I added. I keep breaking this fragile code with it :(

commit 7f27badc1dfc3374c9abcd541210280b6b5fecfe
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 9 22:59:54 2012 -0500

    merge to partially old :(

commit 434d1dec1f57698b2907617d2323b51ea6e98564
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 9 20:17:28 2012 -0500

    sync avesh/paul cookie/msgid

commit 3f416172acd91a9c6182f1aa6e78503f80ae953c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 9 17:14:35 2012 -0500

    * IKEv2: Add more msgid logging

commit 07589afaa993fd2370ddf0f985be4314dd48122f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 9 15:00:38 2012 -0500

    * Added --impair-send-bogus-isakmp-flag option for testing
    
    This option causes pluto to send packets using a RESERVED ISAKMP
    flag, currently defined as ISAKMP_PAYLOAD_OPENSWAN_BOGUS.
    
    See testing/pluto/ikev2-isakmp-reserved-flags-*

commit b2314e50ddb4e484504f2ffb6bcf3266d2ce2566
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 9 14:56:10 2012 -0500

    * Added two testcases for sending a RESERVED ISAKMP payload flag.
    
    The console output for these still needs to be corrected

commit 611daa837c93d8c4ed021b7e5ce625f4b765fceb
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 9 13:01:20 2012 -0500

    * Fixup of previous impair-retransmit commit, move attempts to max
    
    This will cause the state to be deleted as final failure.
    This also fixes displaying "impair-retransmits" in ipsec auto --status

commit 59ed64b359eb59be35c4cf970a8bc1a6f05a6f93
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 9 13:01:20 2012 -0500

    * Fixup of previous impair-retransmit commit, move attempts to max
    
    This will cause the state to be deleted as final failure.
    This also fixes displaying "impair-retransmits" in ipsec auto --status

commit 650c2e9f0cb79446e069a93a150f96d087d0b502
Merge: 80c8095 c52718d
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Thu Feb 9 12:26:24 2012 -0500

    Merge branch 'master' of vault.openswan.org:/openswan/openswan

commit c52718d69a36aa5b09d8b14b35b06da57a2fa38d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 9 12:20:10 2012 -0500

    * Added --impair-retransmits to prevent pluto from retransmitting IKE packets
    
    During testing when reading lots of logfiles, it is often useful to
    suppress retransmits of IKE packets to avoid cluttering the logs with
    retransmit data (or running an ipsec auto --down connname)
    
    As with other impair functions, you can activate this dynamically using:
    
    ipsec whack --impair-retransmits
    
    or by specifying --impair-retransmits as argument to pluto,
    
    or by adding plutoopts="--impair-retransmits" to 'config setup' in ipsec.conf

commit 6c988cc030fc2da21085c9ea96d693599b1687eb
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 9 12:20:10 2012 -0500

    * Added --impair-retransmits to prevent pluto from retransmitting IKE packets
    
    During testing when reading lots of logfiles, it is often useful to
    suppress retransmits of IKE packets to avoid cluttering the logs with
    retransmit data (or running an ipsec auto --down connname)
    
    As with other impair functions, you can activate this dynamically using:
    
    ipsec whack --impair-retransmits
    
    or by specifying --impair-retransmits as argument to pluto,
    
    or by adding plutoopts="--impair-retransmits" to 'config setup' in ipsec.conf

commit 9ece4207002ed8b9c151315720fc7c4d17bddac4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 9 11:13:44 2012 -0500

    * IKEv2: fix cookies (IKE SPI) handling - msgid handling needs work

commit 80de47d072d1b379dd3791b3dbbca6af66b1db75
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 8 23:07:28 2012 -0500

    * X509: Fix cert_defaultcertpolicy to reflect reality of cert_alwayssend
    
    Our default policy for sending certificates apparently is to always
    send it (which is questionable IMHO) but the cert_defaultcertpolicy
    define reflected the old situation of cert_sendifasked.

commit d19b6a74b1e4cd0e3848636956a8e829244292df
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 8 23:07:28 2012 -0500

    * X509: Fix cert_defaultcertpolicy to reflect reality of cert_alwayssend
    
    Our default policy for sending certificates apparently is to always
    send it (which is questionable IMHO) but the cert_defaultcertpolicy
    define reflected the old situation of cert_sendifasked.

commit 332ee1aa67381e1c0bca9c849d3b72397aea19d4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 8 19:04:28 2012 -0500

    * KLIPS: Cleanup ipsec_kversion and add support for UNAME26
    
    kernel 3.x maps to 2.6.40+x with the UNAME26 patch.
    
    Without this, compilation of "2.6.41" fails on my old Fedora 14 system
    because HAVE_NETDEV_PRIV was only set for >= KERNEL_VERSION(3,1,0)

commit 81f27a590c03b92993775524c3e783998e6560e5
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 8 19:04:28 2012 -0500

    * KLIPS: Cleanup ipsec_kversion and add support for UNAME26
    
    kernel 3.x maps to 2.6.40+x with the UNAME26 patch.
    
    Without this, compilation of "2.6.41" fails on my old Fedora 14 system
    because HAVE_NETDEV_PRIV was only set for >= KERNEL_VERSION(3,1,0)

commit f218f3287cbe685293fe22bbe80a91d85eb7a31e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 8 17:03:29 2012 -0500

    * OSX: Delete old compiled .a files from source tree

commit e8963ab153b51d54270aeeeb5a956c20c5f260cf
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 8 17:10:50 2012 -0500

    * IKEv2: Disentangle IKEv2 notifications from IKEv1
    
    We were re-using the IKEv1 notification_t for IKEv2. It was confusing,
    leads to errors and eventually conflicts in the IANA v1 and v2 registries.
    
    ikev2 code now uses v2n_notification_t, notify names all prefixed
    with v2N_

commit c0365cbf7aabb03b07d4e5984ac0cf3ac28a97e2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 8 17:04:06 2012 -0500

    IKEv2: Disentangle IKEv2 notifications from IKEv1
    
    We were re-using the IKEv1 notification_t for IKEv2. It was confusing,
    leads to errors and eventually conflicts in the IANA v1 and v2 registries.
    
    ikev2 code now uses v2n_notification_t, notify names all prefixed
    with v2N_

commit 4877d5dd73f0fad2be20c63a5c1f5b3e94d0e3c5
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 8 17:03:29 2012 -0500

    * OSX: Delete old compiled .a files from source tree

commit 25514aa5274219fcb4b0f8d70fc18193509bae54
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 8 12:43:31 2012 -0500

    ikev2_child_sa_respond() code to narrow the connection. still needs
    instantiation?

commit 056664579ec4f76044fa6029e095d1179e99af4e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 8 12:42:29 2012 -0500

    * add TSI/TSR markers for logs

commit e315133ce52d79d7047e9d074dc002217817eb20
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 8 12:01:46 2012 -0500

    * Lingering whitespace / logline change

commit d00431a39c783d3cdc4948c9d57504ff5d329a00
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 8 11:50:31 2012 -0500

    * Fix pointer cast to const for check_expiry_msg in list_public_keys()

commit c27ac464daecbb475079042382ae25fa69103538
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 8 11:49:38 2012 -0500

    * Fix pointer cast for dc.ptr in ikev2_parent_inI1outR1_tail()

commit 6217842485076b0b9d2c6089078ff333a74e0117
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 8 10:24:26 2012 -0500

    * Fix pointer reference to ikev2_ts_type_name
    
    (and testing the new commits mailing list and CIAbot)

commit be0ef9a9ee1eda8e650448441dcf746ef6bddb4a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 7 23:52:20 2012 -0500

    * Added missing names for impair-*-version-bump to debug_bit_names

commit 9c1e1188fc0d5216273d11068525ef73e36413ed
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 7 20:34:40 2012 -0500

    * Added testcase ikev2-algo-04-aes-gcm

commit e8deec22eb9fa5007d96a4a5d95fe505d04daa3c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Feb 6 19:57:24 2012 -0500

    * IKEv1: Fix various STATE macros (related to aggressive/xauth/modeconfig)
    
    - PHASE1_INITIATOR_STATES was missing XAUTH and ModeCFG initiator states
    - IS_PHASE1_INIT(s) was missing above states too, as well as having a bogus
      STATE_AGGR_R2 state included.
    - IS_ISAKMP_AUTHENTICATED(s) was not excluding STATE_AGGR_R0/STATE_AGGR_I1
    - IS_ISAKMP_SA_ESTABLISHED(s) was missing STATE_MODE_CFG_I1
    - ISAKMP_SA_ESTABLISHED_STATES was missing STATE_MODE_CFG_I1
    
    Thanks to Henrik Langos <hlangos-openswan at innominate.com> for pointing out
    these had gotten out of sync.

commit 39516bf8c41bf2d929eeb6762e0c23740cdb639c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Feb 6 17:40:10 2012 -0500

    * remove trailing whitespace

commit 99eb12bf15b60b430a9ca17e3e6f3a81480f3e3d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Feb 6 17:39:07 2012 -0500

    * ikev2-07-biddown was missing from the TESTLIST

commit 6c2127c7d3e2f1b12edac615a93f179a1f60723a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Feb 6 17:38:33 2012 -0500

    * Added testcase ikev2-08-delete-notify

commit e864f72ae1e7cdfd98e4e643d60dae460be75911
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Mon Feb 6 17:19:36 2012 -0500

    * IKEv2: Add support for IKEv2 Delete Payload

commit 596399f83d26ffb7ffd9521f8d1a1843af2f6fde
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 4 23:28:47 2012 -0500

    * Fix possible memory leak of qke in quick_outI1()

commit d4b780f057019efd399ac668452cb056eb68469b
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Feb 4 21:22:09 2012 -0500

    * Fix typo in commented out example for -DLEAK_DETECT<I>VE

commit b6d6b1ea241fece90955f0052d1ac9444a043435
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Feb 4 21:13:40 2012 -0500

    * Fix leaking a ipsec_conf_dir

commit 24a65233d591ab94e1410f4dd0eccf1627f5a155
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Feb 4 19:51:38 2012 -0500

    * Removed a chunk of #if 0 code

commit 67fd54d1940a00d666f24c020029de21c713b661
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 4 18:23:16 2012 -0500

    * Fix memory leak of dirent filelist in load_crls()

commit 708f715f76e268ac997267710f270b79f6d4f21c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 4 18:17:32 2012 -0500

    * Fix memory leak of dirent filelist in load_acerts()

commit 56f6cda26c4c18ee749c5fad96dd4b848281bb81
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 4 17:50:44 2012 -0500

    * Fix possible memory leak in showhostkey

commit 575712309381bb2f401000b661f199a634f4e6a8
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Feb 3 19:56:32 2012 -0500

    * KLIPS: Fix jiffies wrapping problems
    
    Here's a patch to fix a jiffies wrapping problem.  On 32bit systems
    with current kernels jiffies wrap 5 minutes after booting.  Any tunnels
    that are brought up before the wrap are affected.  The time values in
    /proc/net/ipsec_spi become bogus (very large) after the wrap.
    
    I went through and found any other jiffies calculations I thought needed
    work while there
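
The class of bug the commit above describes, as an added example (not KLIPS code and not part of the original commit): a 32-bit tick counter that starts at the kernel's `INITIAL_JIFFIES` value wraps 300 seconds after boot, and arithmetic that is not wrap-safe then yields very large ages or premature expiry. `HZ`, the function names and the "naive" forms are assumptions chosen for illustration.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define HZ 1000u /* assumed tick rate for this example */

/* Linux starts jiffies 300 s before the 32-bit wrap so wrap bugs show up early. */
#define INITIAL_JIFFIES32 ((uint32_t)(-300 * (int32_t)HZ))

/* Simulated 32-bit jiffies value a given number of seconds after boot. */
uint32_t jiffies_at(uint32_t seconds_since_boot)
{
    return INITIAL_JIFFIES32 + seconds_since_boot * HZ;
}

/* Not wrap-safe: converts each timestamp to seconds before subtracting. */
uint32_t age_seconds_naive(uint32_t now, uint32_t created)
{
    return now / HZ - created / HZ;
}

/* Wrap-safe: subtract the raw tick counts modulo 2^32 first, then scale. */
uint32_t age_seconds_safe(uint32_t now, uint32_t created)
{
    return (uint32_t)(now - created) / HZ;
}

/* Not wrap-safe: direct comparison of two counter values. */
bool expired_naive(uint32_t now, uint32_t deadline)
{
    return now >= deadline;
}

/* Wrap-safe: the signed difference is correct for spans below 2^31 ticks,
 * which is the idea behind the kernel's time_after() family of macros. */
bool expired_safe(uint32_t now, uint32_t deadline)
{
    return (int32_t)(now - deadline) >= 0;
}

int main(void)
{
    /* Constructed scenario: SA created 60 s after boot, 1 hour lifetime. */
    uint32_t created = jiffies_at(60);
    uint32_t deadline = created + 3600u * HZ; /* wraps past zero */

    printf("age at 600 s: naive=%" PRIu32 " s, safe=%" PRIu32 " s\n",
           age_seconds_naive(jiffies_at(600), created),
           age_seconds_safe(jiffies_at(600), created));
    printf("expired at 240 s: naive=%d, safe=%d\n",
           expired_naive(jiffies_at(240), deadline),
           expired_safe(jiffies_at(240), deadline));
    return 0;
}
```
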

commit 1c8048b915b0f2e5d049e772917bca1233706fbc
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 3 17:39:50 2012 -0500

    * DPD: DPD failed within certain XAUTH/ModeConfig states
    
    ISAKMP_SA_ESTABLISHED_STATES did not contain all valid states, and
    was mismatched with IS_ISAKMP_SA_ESTABLISHED(s)
    
    Found by Henrik Langos and Murat Sezgin

commit 2e1d84636e40398545d9f4d1cdc4e3cdb07bd667
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 3 17:32:21 2012 -0500

    * XAUTH: Allow compiling aggressive mode without xauth

commit 77edda35f91ad11725e299aad70a2be971a6c60c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 3 16:45:11 2012 -0500

    * XAUTH: Send notification on bad ModeCFG exchange packet [David]

commit 6d20132d00f04442e846f9277a7747b1d1d3b7aa
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 3 16:38:10 2012 -0500

    * DPD: Don't log a "took too long -- replacing phase 1" for each pending phase 2
    
    This also ends the loop on the first stuck phase2. No need to keep looping

commit 01b37fd0d1d3ba5b29d63515fce3e1d81e6a7596
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 3 16:30:20 2012 -0500

    * Fix DPD logline to tell the truth about pending + dpd time
    
    It did not take the "3x" into account.

commit ba489c8204fd2e5844e49d41df8fb36a634278dc
Merge: e5ec369 500976b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 3 02:56:31 2012 -0500

    Merge branch 'master' of ssh://vault.openswan.org/openswan/openswan
    
    Conflicts:
    	programs/pluto/ikev2.c

commit e5ec36944252d49d666b07d0d12644c58df32b28
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 3 02:53:22 2012 -0500

    * Fix connection struct leak when getting bogus proposals
    
    Such as AH+ESP or neither. or esp/ah without any transforms.

commit 500976b80b06abdc696f0b2a6f9153c05e4dec0e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 3 01:35:59 2012 -0500

    * Fix comment at duplicate_state() to reference IKEv2 as well

commit 069e35d7e0bf195d0a3c893f52e50596e1185631
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 3 01:33:56 2012 -0500

    * IKEv2: in ikev2_parent_inR1outI2_tail() copy idprotoid and ports in ts
    
    On the initiator, also copy our protoport policy into an IKEv2 Traffic
    Selector Payload. Note that we only support "all ports" or a single port.

commit 35bd957a0dd191fdc649b7e2826da32140a5e13f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 3 01:29:09 2012 -0500

    * IKEv2: If finding a better matched conn, copy ipprotoid into traffic selector
    
    When switching to a better connection bsr in  ikev2_child_sa_respond(),
    also copy the ipprotoid into the IKEv2 traffic selector payload

commit b15269bb5a0effa49b600c2aade86322e4189397
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 3 01:24:11 2012 -0500

    * IKEv2: ikev2_evaluate_connection_fit() also checks protocols and port ranges
    
    And logs these as well when testing for a better fit.

commit fa5a8149d6e8bcc66a0670c6a8271dc9818a287b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 3 01:09:36 2012 -0500

    * IKEv2: If responder narrows proposal, update Traffic Selector payload.
    
    See http://tools.ietf.org/html/rfc5996#section-2.9
    
       When the responder chooses a subset of the traffic proposed by the
       initiator, it narrows the Traffic Selectors to some subset of the
       initiator's proposal (provided the set does not become the null set).
    
    The function ikev2_port_in_range() was added to deal with the strange
    situation of port ranges. We can only specify one number, which means
    "all ports". Port ranges of 0-65535 and 0-0 both mean "all ports".
    
    In ikev2_calc_emit_ts() when we are RESPONDER, we narrow the traffic
    selectors with protocol and port ranges. Matching on more-specific
    subnet ranges was already done by picking the best connection.
    
    Note that we currently have no way of specifying a non-all range of
    ports via our configuration. We log a warning if we see these in
    the traffic selector,
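
An added illustration of the narrowing rule this commit message describes; it is not code from the commit or from pluto. The struct and function names are hypothetical, and the local policy is assumed to hold either 0 (all ports) or a single port, as the message states.

```c
#include <stdint.h>
#include <stdio.h>

/* Protocol and port part of a Traffic Selector as proposed by the peer. */
struct ts_ports { uint8_t ipproto; uint16_t start, end; };
/* Local policy (assumption): 0 means any protocol / all ports. */
struct local_policy { uint8_t ipproto; uint16_t port; };

enum narrow_result {
    NARROW_NONE = 0,           /* intersection is the null set: refuse   */
    NARROW_OK = 1,             /* narrowed to something we can configure */
    NARROW_OK_PARTIAL_RANGE = 2 /* accepted a range config cannot express */
};

/* 0-0 and 0-65535 are both treated as "all ports". */
static int ts_all_ports(const struct ts_ports *ts)
{
    return ts->start == 0 && (ts->end == 0 || ts->end == 65535);
}

static int port_in_range(uint16_t port, const struct ts_ports *ts)
{
    if (ts_all_ports(ts))
        return 1;
    return port >= ts->start && port <= ts->end;
}

/* Responder side: intersect the proposal with local policy. */
static enum narrow_result narrow_ts(const struct ts_ports *prop,
                                    const struct local_policy *pol,
                                    struct ts_ports *out)
{
    if (prop->start > prop->end)
        return NARROW_NONE;                 /* malformed range */

    if (pol->ipproto == 0)
        out->ipproto = prop->ipproto;       /* we accept any protocol */
    else if (prop->ipproto == 0 || prop->ipproto == pol->ipproto)
        out->ipproto = pol->ipproto;        /* narrow to our protocol */
    else
        return NARROW_NONE;

    if (pol->port != 0) {
        if (!port_in_range(pol->port, prop))
            return NARROW_NONE;
        out->start = out->end = pol->port;  /* narrow to our single port */
        return NARROW_OK;
    }
    if (ts_all_ports(prop)) {
        out->start = 0;
        out->end = 65535;                   /* normalise 0-0 to 0-65535 */
        return NARROW_OK;
    }
    out->start = prop->start;               /* caller should log a warning */
    out->end = prop->end;
    return NARROW_OK_PARTIAL_RANGE;
}

/* Convenience wrapper so callers can pass plain values. */
static enum narrow_result narrow_case(uint8_t proto, uint16_t start, uint16_t end,
                                      uint8_t pol_proto, uint16_t pol_port,
                                      struct ts_ports *out)
{
    struct ts_ports prop = { proto, start, end };
    struct local_policy pol = { pol_proto, pol_port };
    return narrow_ts(&prop, &pol, out);
}

int main(void)
{
    struct ts_ports out = { 0, 0, 0 };
    /* Constructed case: peer proposes any protocol, all ports; we allow tcp/22. */
    enum narrow_result r = narrow_case(0, 0, 65535, 6, 22, &out);
    printf("result=%d proto=%u ports=%u-%u\n", (int)r,
           (unsigned)out.ipproto, (unsigned)out.start, (unsigned)out.end);
    return 0;
}
```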

commit 9803e08790d001f44f6ce26001e1bc81b9d52404
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 3 00:58:49 2012 -0500

    * IKEv2: Also log protocol and port ranges on tunnel establishment

commit ec23e39d96e2c636223b436aad91e6245bae7354
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 3 00:42:48 2012 -0500

    * IKEv2: Don't try to out_raw() a v2 notification payload that's empty

commit 3ab6cd44b050a57ca11cbf384d6fc883052aa59a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 3 00:24:57 2012 -0500

    * Fix typo Notifiy -> Notify

commit dc61f0e433546b26f0b4b843e5639b0b1ad49aaa
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 3 00:13:29 2012 -0500

    * IKEv2: Fix crash on max number of retransmissions reached STATE_PARENT_I2
    
    In ipsecdoi_replace() there is a check for the kind of state we are in to
    see if we should save some partial policy we got out of the connection so
    far into the state. It did not account properly for the STATE_PARENT_I2
    and so it thought it had more policy than there really was, hitting a
    passert.
    
    This showed up as:
    
    [root at oswtest1 openswan.git]# ipsec auto --up test
    133 "test" #3: STATE_PARENT_I1: initiate
    133 "test" #3: STATE_PARENT_I1: sent v2I1, expected v2R1
    134 "test" #4: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=aes_128 integ=sha1_96 prf=oakley_sha group=modp2048}
    010 "test" #4: STATE_PARENT_I2: retransmission; will wait 20s for response
    010 "test" #4: STATE_PARENT_I2: retransmission; will wait 40s for response
    [...]
    010 "test" #4: STATE_PARENT_I2: retransmission; will wait 40s for response
    031 "test" #4: max number of retransmissions (20) reached STATE_PARENT_I2.  Possible authentication failure: no acceptable response to our first encrypted message
    000 "test" #4: starting keying attempt 1 of an unlimited number, but releasing whack
    
    At this point it would hit the passert.

commit b6fad7871090b58ca38ac909b36ef2d92166dd08
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 2 23:23:59 2012 -0500

    * IKEv2: Allow notification messages with empty Notification Data
    
    I am not sure why we did not allow this. When one side rebooted and
    a retransmit came in for a lost IKE SPI, we would not send the notify
    message because we had no Notification Data to add to the notify error
    of type v2N_INVALID_MESSAGE_ID.
    
    Note: Shouldn't that error be IKEv2_INVALID_IKE_SPI ?

commit 4c00dda5888fab2761a1030a73a59e84e8369e00
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 2 22:41:56 2012 -0500

    * IKEv2: Added traffic selector type names
    
    IKEv2 traffic selector lookup was erroneously using ident_names
    causing it to log lines talking about ID_FQDN like:
    
    | ******emit IKEv2 Traffic Selectors:
    |    TS type: ID_FQDN
    |    IP Protocol ID: 0
    |    start port: 0
    |    end port: 0

commit 8d0a2e528c3a56d2f9d38d06e406aad83845048a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 2 20:36:57 2012 -0500

    * Remove bogus log "received packet that claimed to be  both (I)nitiator and (R)esponder"
    
    The icookie (initiator IKEv2 SPI) is always set. The rcookie is set on all but
    the first packet. Whether one is initiator or responder can only be found out
    via the state belonging to the set of icookie/rcookie.

commit 58d824857ca27a4b16794eda18733e0f5d8ce447
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 1 22:59:09 2012 -0500

    * IKEV2: log proto and port range in "negotiated tunnel" message.

commit 11dd79702be4c3733bd3f55ab900259713b68277
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 31 17:45:00 2012 -0500

    * fix protoport typo in testcase

commit 585cbc02590f6309a4f5ed87d3361814c2142322
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 31 17:39:15 2012 -0500

    * Fix ikev2-allow-narrow-01 testname in west/eastinit.sh

commit 0614e961a9b49d6e12d9538d45779647c01ec4bf
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 31 17:19:49 2012 -0500

    * Updated TESTLIST

commit 06611aaf67546ee9ec25dff5e2ebddab572de4f7
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 31 17:19:32 2012 -0500

    * testing: Add ikev2-allow-narrow-01 testcase

commit fd17890d81ebfa1bb5026fa01001dc96c49c5c5a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 31 17:10:08 2012 -0500

    * Updated CHANGES

commit 25f454e20185b494a5034c393295efe36ecdf16c
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Tue Jan 31 17:04:59 2012 -0500

    * Handle leading zeroes in DH keys
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit a99a35bbd204b554f352a304336417cf99daf8a8
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Tue Jan 31 17:01:08 2012 -0500

    * IKEv2: IKE-SA_INIT with INVALID_KE_PAYLOAD Notify Payload should continue
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit 539668755f76b3d1fe93273dd9d4a1a4df87cfa6
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Tue Jan 31 16:43:21 2012 -0500

    * IKEv2: incorrectly sent PAYLOAD_MALFORMED on unknown minor version
    
    See: http://tools.ietf.org/html/rfc5996#section-2.5
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit 463529cf9a7d295c62f0b9e821937a9cd25a46da
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Tue Jan 31 16:39:35 2012 -0500

    * IKEv2 should ignore unknown RESERVED bits in payload
    
    The critical bit was compared as a byte instead of a bit. This led to
    failing to ignore non-critical new flags.
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>
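
An added illustration of the bug class named in this commit message; it is not the commit's code. It walks an IKEv2 payload chain using the generic payload header from RFC 5996 section 3.2, and the exact shape of the flawed test (`critical_bytewise`) is an assumption; all names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 5996 section 3.2 generic payload header:
 *   octet 0    Next Payload
 *   octet 1    C (critical) bit 0x80 followed by 7 RESERVED bits
 *   octets 2-3 Payload Length, big endian, header included */
#define PAYLOAD_HDR_LEN  4u
#define PAYLOAD_CRITICAL 0x80u
#define PAYLOAD_NONE     0u

enum walk_result { WALK_OK, WALK_UNSUPPORTED_CRITICAL, WALK_MALFORMED };

/* Payload types defined by RFC 5996 run from 33 (SA) to 48 (EAP). */
static int payload_known(uint8_t type) { return type >= 33 && type <= 48; }

/* Assumed shape of the defect: the whole octet is tested, so any RESERVED
 * bit set by a newer peer makes the payload look critical. */
static int critical_bytewise(uint8_t flags) { return flags != 0; }

/* Corrected test: only the C bit decides; RESERVED bits are ignored. */
static int critical_bitwise(uint8_t flags) { return (flags & PAYLOAD_CRITICAL) != 0; }

/* Walk the chain. Unknown payloads are skipped unless marked critical. */
static enum walk_result walk_payloads(const uint8_t *buf, size_t len,
                                      uint8_t first_type,
                                      int (*is_critical)(uint8_t),
                                      unsigned *skipped)
{
    size_t off = 0;
    uint8_t type = first_type;

    *skipped = 0;
    while (type != PAYLOAD_NONE) {
        uint8_t next, flags;
        size_t plen;

        if (len - off < PAYLOAD_HDR_LEN)
            return WALK_MALFORMED;
        next = buf[off];
        flags = buf[off + 1];
        plen = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        if (plen < PAYLOAD_HDR_LEN || plen > len - off)
            return WALK_MALFORMED;          /* length must stay in bounds */

        if (!payload_known(type)) {
            if (is_critical(flags))
                return WALK_UNSUPPORTED_CRITICAL;
            (*skipped)++;                   /* non-critical: ignore it */
        }
        off += plen;
        type = next;
    }
    return off == len ? WALK_OK : WALK_MALFORMED;
}

/* Constructed sample: an SA payload (type 33) with a 4-byte dummy body,
 * then a payload of type 200 (unknown to this parser) whose flags octet
 * is supplied by the caller. Returns the number of skipped payloads when
 * the walk succeeds, or the negated walk_result otherwise. */
static int sample_skipped(uint8_t unknown_flags, int (*is_critical)(uint8_t))
{
    uint8_t msg[] = {
        200, 0x00, 0x00, 0x08, 0, 0, 0, 0,        /* SA, next = 200       */
        PAYLOAD_NONE, 0x00, 0x00, 0x06, 0xAA, 0xBB /* type 200, next = 0   */
    };
    unsigned skipped;
    enum walk_result r;

    msg[9] = unknown_flags;
    r = walk_payloads(msg, sizeof msg, 33, is_critical, &skipped);
    return r == WALK_OK ? (int)skipped : -(int)r;
}

int main(void)
{
    /* flags 0x01: a RESERVED bit is set, the C bit is clear */
    printf("bitwise : %d\n", sample_skipped(0x01, critical_bitwise));
    printf("bytewise: %d\n", sample_skipped(0x01, critical_bytewise));
    return 0;
}
```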

commit 2ed77db0050d738dc86cd93a7383af9adaf5c79e
Merge: b8f8c9c 7598655
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 31 00:06:56 2012 -0500

    Merge branch 'master' of ssh://vault.openswan.org/openswan/openswan

commit 7598655afda55960c2681784e7135b7c977f2e15
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 31 00:06:34 2012 -0500

    * Updated changes

commit b8f8c9cfad5017a9aea17786cff20a608ceef72a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 30 23:42:10 2012 -0500

    * Implement sending higher IKEv2 major and minor versions
    
    This is used for testing interop compliance with RFC5996 Section 2.5
    See http://tools.ietf.org/html/rfc5996#section-2.5
    
    We currently send 3 for a fake major version and 1 for a fake minor
    version. This needs to be updated once such versions actually exist.
    
    This is used by testcases ikev2-major-* and ikev2-minor-*
    
    Note that this also fixed processing DBGOPT_IMPAIR_JACOB_TWO_TWO, as
    that option was mistakenly left out when DBGOPT_LAST was not updated
    when DBGOPT_IMPAIR_JACOB_TWO_TWO was added after DBGOPT_IMPAIR_DIE_ONINFO

commit ed266324a062127f04cbb928419f798a2e90053d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 30 23:40:31 2012 -0500

    * Fix comment typo in version

commit 8de58065845f1e74b55280f3cb7000c8e990022b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 30 21:58:59 2012 -0500

    * Add 4 test cases for major/minor version number mismatches in IKEv2
    
    This is to test http://tools.ietf.org/html/rfc5996#section-2.5
    
    It uses two new options to pluto's whack:
    
    --impair-major-version-bump
    --impair-minor-version-bump
    
    These options will make pluto increase the major or minor number.
    Tests run for major/minor increase on both responder and initiator.
    
    No actual new message type for the hypothetical new version is tested.
    Once IKEv2.1 actually is released, such a test should be added.

commit 82931b769ba04bf9497eb669dec51558cf47787d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Jan 27 17:46:24 2012 -0500

    * Updated the htpasswd references to include mentioning DES
    
    On some systems, htpasswd -d instead of htpasswd -m had to be used
    for htpasswd file based authentication (XAUTH without PAM)

commit 86d5adf6f3428866061684a5d0a5bef6f24e8c6b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Jan 27 10:54:53 2012 -0500

    * Remove old RCSID references from openswan-1 CVS and earlier

commit e312abd86ac799ff77674df882d5a249eacc8c43
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Jan 26 19:47:08 2012 -0500

    * Added some comments and IETF references

commit cbaa91192f4ec370ba6981050db19ab831c904f0
Author: Paul Wouters <paul at nohats.ca>
Date:   Fri Jan 20 11:46:27 2012 -0500

    * Phase 1 ID Payload MUST be 0/0 or XXX message changed
    
    Signify in the message that we will attempt to continue (this behaviour
    was changed a few years ago due to too many bad Cisco VPN3k deployments)

commit bf395045e51ac83af0ca0d8ff10d81814bb21d22
Merge: addc3e1 df87d72
Author: Paul Wouters <paul at nohats.ca>
Date:   Thu Jan 19 12:04:40 2012 -0500

    Merge branch 'master' of ssh://vault.openswan.org/openswan/openswan

commit addc3e1497e2f1276f133c47265a90bbebe7cb7e
Author: Paul Wouters <paul at nohats.ca>
Date:   Thu Jan 19 12:04:00 2012 -0500

    * Remove "Warning: empty directory" for empty X.509 directories

commit df87d72cfa847790245a04854fda27403312a300
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jan 15 18:42:52 2012 -0500

    missed an email address

commit f93198634595d9c10a8059e5d896563653d1eb97
Merge: a4caf1a 49b7f22
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jan 15 18:41:17 2012 -0500

    Merge branch 'master' of ssh://vault.openswan.org/openswan/openswan

commit a4caf1a0717e270bcbecca874adba6b35d11ef06
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jan 15 18:40:40 2012 -0500

    update my email address to paul at nohats.ca

commit 80c80952225b8c087a113ba30ce59eafa567bd2d
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Thu Jan 12 17:36:16 2012 -0500

    Fix missing trailing whitespace

commit 49b7f22875530731442118f886734680b6f117c9
Author: Paul Wouters <paul at nohats.ca>
Date:   Thu Jan 12 17:23:37 2012 -0500

    * Fix two format string buglets - found by Moritz Muehlenhoff from Debian

commit 69ee5a8ab77ed40db9307dc2586b2aadd6361920
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Thu Jan 12 17:13:13 2012 -0500

    Refresh debian/* from latest Debian's version.

commit 94d96094346192d0fe2b077276d4814c3a716390
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Thu Jan 12 16:10:07 2012 -0500

    Refresh debian/rules using latest Debian's version.

commit 29efa863926a36ee3eab2da13b35d64415456f44
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Tue Dec 20 19:02:35 2011 -0500

    * Multiple IKEv2 connections with different ports failed
    
    Multiple IKEv2 connections are established erroneously when the
    connections are similar but have different ports associated. IKEv2 code
    can not find the specific connection definitions leading to incorrect
    SA establishments when more than one connections exist between same
    end points.

commit a2cd93a59b007f86ffe465851f9d25b75eecfa10
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 6 20:25:35 2011 -0500

    * Added hmac(sha256), hmac(sha384) and hmac(sha512) XFRM netlink names

commit 10026d9cbe975f55ff0a43c7ec7fcb4fcf8dba7b
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 1 11:49:48 2011 -0500

    * Added struct xfrm_algo_auth for changing truncation of SHA2
    
    Taken from 2.6.38 kernel

commit 5b6851778eac73f5dbc44a21a8e8938417056742
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Thu Dec 1 11:33:43 2011 -0500

    * Kernel changes to header files: netlink.h rtnetlink.h xfrm.h
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 65844716eda68d0892aaa19c4aac49fd109548f9
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Nov 30 09:44:56 2011 -0500

    Revert "Multiple IKEv2 connections are established erroneously when the"
    
    This reverts commit 5ca991f394629ca8ce3c8f9de61401dd37a80a82.

commit 4886e0d33c7a47c6ebea5a8c888f972c4023ad8f
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Nov 30 09:48:13 2011 +0200

    update CHANGES

commit 6be595cc2b802f3ec64d2f4eabda09ed6c2fde2c
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Nov 30 09:39:40 2011 +0200

    fix bug #1294 _startnetkey selects wrong default gateway if there is multiple

commit 33aea96b36ff282f64bc9cc2a69f89ffa908826c
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Nov 30 09:10:53 2011 +0200

    USE_SHA2 is not defined for libopenswan elsewhere.
    
    Revert "* defining -DUSE_SHA2 is now done at the proper place"
    
    This reverts commit 1eadd7b5a0392e1ecfa3182ccda345ae264ca1ee.

commit 1eadd7b5a0392e1ecfa3182ccda345ae264ca1ee
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 29 11:57:29 2011 -0500

    * defining -DUSE_SHA2 is now done at the proper place

commit d9c6bad2e2ab5bdafc07cb948c8af85711076f67
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Nov 29 00:23:39 2011 +0200

    Re-add LIBSHA2 to LIBSPLUTO and make sure -DUSE_SHA2 is set for pluto.

commit 3203cd13660e0e5f09c83fb4343cf784a42c6192
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 28 13:42:17 2011 -0500

    * Always add libsha2

commit 110e575ccb44600c556ae85e86f233571b8762dd
Merge: 1419517 e1ae199
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 28 12:54:24 2011 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 1419517fd9469721afe496c8317f0229ce4d5aac
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 28 12:53:29 2011 -0500

    * Fix SHA2 without EXTRA_CRYPTO
    
    the libsha2.c code was not getting pulled in without EXTRA_CRYPTO=true

commit e1ae199c5de621f598e6ea58814f8b27d556882d
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Mon Nov 21 20:03:11 2011 -0500

    Typo fix

commit 7f7a291a8d2f9c832fee3cb811d76a3f99f88eed
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Nov 6 12:16:44 2011 -0500

    * comments on MS NT5 vendorids

commit 90cec1192e5daec7d78c8e47c778f16d58c2bf5c
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Nov 5 11:55:07 2011 -0400

    * barf: fixups spotted by Shinichi Furuso

commit 2cb35855147eadda532dd84fb70153c359647c47
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Nov 5 11:52:40 2011 -0400

    * SUSE: packaging/suse/preamble was not properly added

commit 488fbb929a37a3ec1a746d868d7454d5abbff577
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 3 13:31:24 2011 -0400

    * Add -llber to PLUTOMINUSL when using USE_LDAP

commit 6f69bbfb691572519081a1bd79277fc2b0d8465f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 3 13:08:57 2011 -0400

    update changes

commit ed223e24f12a19f3609616ad0f7dbd4e0040a696
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Thu Nov 3 13:08:11 2011 -0400

    * update userland copies of Kernel changes to netlink.h rtnetlink.h xfrm.h

commit b03409f5a86740bc6a94c6da6caf0a691ca3e840
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Thu Nov 3 13:06:10 2011 -0400

    * Add PLUTO_IS_PEER_CISCO= to updown

commit 134f768284d0a6a4dcd0c2b503d4329c3f072c8f
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Thu Nov 3 12:53:44 2011 -0400

    * typo in comment

commit b9d8c8fef0852e31c906d60b30a5ff16f71cc102
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Thu Nov 3 12:51:58 2011 -0400

    * hostpair: initial_connection_sent was never set to not FALSE - removed

commit acbf3cc1ec11f1d8ce68d88d8949e19c1ea5d305
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Thu Nov 3 12:49:24 2011 -0400

    * NSS: log error more verbosely when key creation fails

commit 5ca991f394629ca8ce3c8f9de61401dd37a80a82
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Thu Nov 3 12:44:46 2011 -0400

    Multiple IKEv2 connections are established erroneously when the
    connections are similar but have different ports associated. IKEv2 code
    can not find the specific connection definitions leading to incorrect
    SA establishments when more than one connections exist between same
    end points.

commit 9001da2166ad56c94ae1f71459062542f9cf2997
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 3 11:06:04 2011 -0400

    update changes

commit a3d494b09e4b0b68142f18b1c76c8ec9c23ea770
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 3 11:04:40 2011 -0400

    * verify: fix false positive on IP forwarding on some perl versions
    
    Patch by steve delaney <sdelaney39 at gmail.com>

commit a05c79185d9df7f7d533f8c2fb7adcbb15dbde08
Author: FURUSO Shinichi <Shinichi.Furuso at jp.sony.com>
Date:   Thu Nov 3 10:42:07 2011 -0400

    * barf: iptables-save without -t option shows all tables.

commit d49dfdec8691a2b97e79c822543196db1c08e144
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 3 10:37:00 2011 -0400

    updated changes

commit a9114952d97c67f13e03e42910494060b566c2eb
Author: FURUSO Shinichi <Shinichi.Furuso at jp.sony.com>
Date:   Thu Nov 3 10:35:01 2011 -0400

    * SUSE: Make packaging more compliant with Kernel Module Package Manual

commit 6f13e17aba7cd03437a521e29c744a14302eda59
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 3 10:32:37 2011 -0400

    * barf: iptables-save on suse is in /usr/sbin, not /sbin

commit 589cb53d367f045929b31aed997f00766530899d
Author: FURUSO Shinichi <Shinichi.Furuso at jp.sony.com>
Date:   Thu Nov 3 10:22:40 2011 -0400

    * DPD: packets were sent too often
    
    old code was last = min(p1st->st_last_dpd, st->st_last_dpd).  If multiple
    SA's are established over one host pair,  a number of EVENT_DPD's will
    fire before it receives R_U_THERE_ACK.

commit f163b052d15ae1532d60357c96e5fb7db7debb8c
Author: FURUSO Shinichi <Shinichi.Furuso at jp.sony.com>
Date:   Thu Nov 3 10:16:51 2011 -0400

    htonl'ed seqno was logged

commit b4c37b5d9b54d9093c087a25579c6293b2523aaa
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 28 16:46:11 2011 -0400

    updated changes

commit fb58c84cc5ff39f581ea63842ccd68385fbb8165
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 28 16:43:35 2011 -0400

    * Fix for CVE-2011-4073 crypto helper crash
    
    When a helper or helper queue had work for a phase2, and the
    corresponding phase1 was deleted, the helper would not get informed.
    Once it had completed its work, it would try and use the old pointers
    to write the work item data.
    
    This would only happen when not running with nhelpers=0. See the CVE
    announcement for more details.

commit d0e851988d9a3fdc8ec310fa90412e0e7325d1ed
Merge: 2cb8b57 69e2995
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Oct 28 11:18:04 2011 +1000

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 69e2995fe29d33e580dd53a079ea94657cf62053
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 27 13:56:42 2011 -0400

    updated changes

commit 46daaab049de3e87eb38c6473317f14876c98b12
Merge: 8b01039 7986005
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 27 13:55:20 2011 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 8b01039506fc706ce0e26c0bf53370d679787994
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 27 12:51:38 2011 -0400

    * make "requested algorithm is not available in the kernel" more verbose
    
    We do this by falling through the switch case and hitting the default,
    that causes the msg to be logged.

commit 2cb8b575818de64e4ecf64ff7b6bc63b62f8ad3d
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Oct 27 11:57:50 2011 +1000

    SUBNETTOA_BUF and ADDRTOA_BUF too small for IPv6
    
    Switch them across to use the SUBNETTOT_BUF/ADDRTOT_BUF defines
    which are large enough and lose some magic numbers at the same time.

commit 7986005cccc252e1570c7d58ff6e99d213047743
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Oct 27 11:22:29 2011 +1000

    fix sending icmpv6 packets in an ipv6 ipsec tunnel
    
    Packets were getting their source address corrupted.
    
    Neil Morehouse

commit 5898945687c16731367215597bb7734806466f6c
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Oct 27 11:20:38 2011 +1000

    header_ops->cache takes an extra arg in linux-3.1

commit 3677be5411eae1150ee5a1a42032047225f38808
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Oct 27 11:18:40 2011 +1000

    Should be using linux/scatterlist.h now
    
    As on linux-3.1 asm/scatterlist.h no longer provides everything we need.
    From now on use linux/scatterlist.h to get both.
    
    Greg Ungerer <greg_ungerer at mcafee.com>

commit 059f96a113d9a1446e637172a7c7f698bfd9efba
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Oct 27 11:15:51 2011 +1000

    Linux 3.1 no longer has some HAVE_* defines
    
    Specifically HAVE_NETIF_QUEUE, HAVE_NET_DEVICE_OPS, HAVE_NETDEV_PRIV.
    So make sure we know that linux-3.1 supports them.
    
    Greg Ungerer <greg_ungerer at mcafee.com>

commit 214c39c4da945367ee51668c5a3bd91cb3a613a2
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 26 12:10:28 2011 -0400

    * removed hack to suppress a compiler warning on pathlen
    
    Basically, the code read:
    
            int pathlen;
            pathlen = pathlen;      /* make sure it used even with !X509 */
    
    We no longer have the X509 define, so the issue is moot. But even if it was
    still an issue, a real fix would have been preferred over this hack.

commit b98294c998be013770e86319c8065f9e2d8bc0bd
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 25 13:36:23 2011 -0400

    * added some notes on debugging settings in Makefile.inc

commit f53e48ac96593bd84f754d20ab0eea1e8fa2c10f
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Oct 23 00:33:14 2011 -0400

    updated changes

commit 2b9d626de79d430a91ea383ea2357b7e79f03fab
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Oct 23 00:31:34 2011 -0400

    * Fix for ike_alg_get_encrypter() possibly returning NULL
    
    See: https://bugzilla.redhat.com/show_bug.cgi?id=747852

commit 8cf7c954f0e6ef70e8463e79c65ffe1535f48d73
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 19 22:23:11 2011 -0400

    updated changes

commit 9954c946bcec187640bd1f73c6990bc349aa7daa
Merge: b791f4c 7894279
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 19 22:21:38 2011 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit b791f4c7c2fa20c4cdfeab12934168baced27796
Author: Wolfgang Nothdurft <wolfgang at linogate.de>
Date:   Wed Oct 19 22:19:25 2011 -0400

    * vhost allows connections with subnets proposed and ignores virtual_private
    
    In virtual.c the function returned NULL at 364 if vhost is used and the
    proposed net is not a host.
    
    The bad thing is that at this point except for the fact that the net
    itself is not allowed no further checks will be done and the proposed
    subnet is accepted regardless if the proposed net is a public network,
    the world (0.0.0.0) or whatever.
    
    vhost:%no,%priv and virtual_private= are useless in this case.

commit bb100e0f0ad857631706e977ff76f81b2f19434d
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 18 20:48:13 2011 -0400

    * update IP_IPSEC_REFINFO / IP_IPSEC_BINDREF from 22/23 to 30/31

commit 7894279cc3039064693c290bf65b3d4a2b6fbf1a
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 14 16:52:54 2011 -0400

    * Added xfrm_ipcomp and tunnel6 to the module unload list for netkey

commit 69b6e7ff044006a4a89df6800db79a10ebc17f20
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 5 09:45:02 2011 -0400

    formatting fixes for CHANGES

commit 5e1d2d7bf24bee7c671e10af32e446a1d37b3df8
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 5 09:35:45 2011 -0400

    updated changes

commit e79565f95d894bba1ce55cc30dfedf64c4bfca9a
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 5 09:33:08 2011 -0400

    * Fix for CVE-2011-3380 Openswan IKE invalid key length vulnerability
    
    The function parse_isakmp_sa_body() calls the function ike_alg_enc_ok()
    twice, once to verify the algorithm and once to verify the key length.
    In openswan 2.6.29, the second call was changed to pass NULL as the errp
    pointer. The function ike_alg_enc_ok() error handler improperly dereferences
    the errp pointer.
    
    When an ISAKMP message with an invalid KEY_LENGTH attribute is
    received, the error handling function crashes on a NULL pointer
    dereference. Openswan automatically restarts the pluto IKE daemon but
    all ISAKMP state is lost.  This vulnerability does NOT allow an attacker
    access to the system. This can be used to launch a denial of service
    attack by sending repeated IKE packets with the invalid key length
    attribute.
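
An added illustration of the defect class this commit message describes, a validator whose error path writes through an optional out-pointer; it is not Openswan's code. The function names and the one-entry algorithm table are hypothetical and constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed algorithm table; only its shape matters here. */
struct enc_desc { int id; unsigned min_bits, max_bits, step_bits; };

static const struct enc_desc enc_table[] = {
    { 7, 128, 256, 64 },    /* an AES-CBC-like entry: 128, 192 or 256 bits */
};

static const struct enc_desc *enc_lookup(int id)
{
    size_t i;
    for (i = 0; i < sizeof enc_table / sizeof enc_table[0]; i++)
        if (enc_table[i].id == id)
            return &enc_table[i];
    return NULL;
}

static int keylen_valid(const struct enc_desc *d, unsigned bits)
{
    return bits >= d->min_bits && bits <= d->max_bits &&
           (bits - d->min_bits) % d->step_bits == 0;
}

/* Vulnerable shape: the error paths store through errp unconditionally.
 * A caller that passes NULL is fine for valid input and crashes the
 * process as soon as a peer sends an invalid key length. */
static int enc_ok_unchecked(int id, unsigned key_bits, const char **errp)
{
    const struct enc_desc *d = enc_lookup(id);
    if (d == NULL) {
        *errp = "encryption algorithm not supported";
        return 0;
    }
    if (!keylen_valid(d, key_bits)) {
        *errp = "key length not supported";   /* NULL dereference here */
        return 0;
    }
    return 1;
}

/* Hardened shape: errp is optional by contract, so redirect a NULL errp
 * to a local sink before any error path can touch it. */
static int enc_ok(int id, unsigned key_bits, const char **errp)
{
    const char *sink;
    const struct enc_desc *d = enc_lookup(id);

    if (errp == NULL)
        errp = &sink;
    *errp = NULL;
    if (d == NULL) {
        *errp = "encryption algorithm not supported";
        return 0;
    }
    if (!keylen_valid(d, key_bits)) {
        *errp = "key length not supported";
        return 0;
    }
    return 1;
}

/* Returns the error text enc_ok() reports, or NULL when the input is valid. */
static const char *enc_error_text(int id, unsigned key_bits)
{
    const char *err = NULL;
    (void)enc_ok(id, key_bits, &err);
    return err;
}

int main(void)
{
    const char *err = NULL;
    /* The unchecked variant is only safe when errp is non-NULL. */
    printf("unchecked, errp given: %d\n", enc_ok_unchecked(7, 100, &err));
    /* Constructed input: key length 100 is outside the table's range. */
    printf("hardened, errp NULL  : %d\n", enc_ok(7, 100, NULL));
    printf("hardened error text  : %s\n", enc_error_text(7, 100));
    return 0;
}
```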

commit f018510b2454e2bbfac90e7d13ecf25a0a637278
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Tue Oct 4 20:58:10 2011 -0400

    * barf: ip6tables does not have nat tables
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 44d80099efb30c703f7f0a8fae3e6531d85e2ebf
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 3 18:12:00 2011 -0400

    updated changes

commit 8547b9e57f19f827e93caa13afea528efe7ad4c4
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 3 18:10:51 2011 -0400

    * SAREF: Added updated patches for 2.6.36 kernel

commit f98cbd576d245fd61fee03fbea0a6aeed12a65de
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 3 18:04:59 2011 -0400

    * SAREF: Remap IP_IPSEC_REFINFO/IP_IPSEC_BINDREF from 22/23 to 30/31
    
    2.6.26+ is using 22 for IP_NODEFRAG now. This also required xl2tpd
    to use the new number. It should probably be made a new option in
    xl2tpd.conf

commit 9c8ee101bb99f8a86d3fd9a3dec54804b41ba72d
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 30 11:11:49 2011 -0400

    * UML: Enable USE_IPSECPOLICY=true for uml builds, now the default is off

commit 1b44ed411ecdadaa0ea4073891dc3bbe94eb765f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Sep 29 16:41:24 2011 -0400

    updated changes

commit 15e2e965a4565ba65c49511da56aac24003276d3
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Sep 29 16:40:07 2011 -0400

    * SAREF: kernel patch added for Linux 2.6.38 [Paul]

commit 541354644a17cfcd40e4b7d54e73ce1004afe7be
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Sep 28 13:16:53 2011 -0400

    updated changes

commit bc5f2c0e6824316bfc38e6b01c483ca8e97e5166
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Sep 28 13:10:58 2011 -0400

    * Disable USE_IPSECPOLICY per default - there is currently no consumer for it
    
    It creates an unneeded socket /var/run/pluto/pluto.info, which when
    used incorrectly could cause pluto to hang indefinitely on reading
    the socket. Access to this socket was prohibited by the /var/run/pluto
    directory being readable by root only. However, in the case of /var/run
    on tmpfs, this directory would get recreated with worldreadable permissions.
    
    Found by Sony Japan

commit 207c2c13f240a07c53f5d6a328584f54a17c8e82
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Sep 28 12:57:06 2011 -0400

    * comment out an old tar build target and remove some old RCSIDs

commit c5bca10d7d4207943cc07da7fc21d696951d8513
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Sep 28 11:46:02 2011 -0400

    updated changes

commit eccdfa2b5dd7ebc648144c0de7fa2b2aa02ae5c6
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Sep 28 11:11:33 2011 -0400

    * Prevent a local admin from opening up pluto to a DoS attack [Sony Japan]
    
    Ensure the administrator did not make /var/run/pluto 755 by some strange
    accident - we create it 700 and so do the main linux distributions, but
    things could get recreated due to /var/run/pluto being on a tmpfs mount.
    
    This avoids the case where a non-root user could open a worldwritable
    socket in /var/run/pluto/pluto, keep them open and block pluto from
    processing anything. (this could be true for pluto.info, not pluto.ctl)
    
    This patch also ensures that any existing /var/run/pluto is changed to 700
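
An added sketch of the kind of check this commit message describes, creating the control directory 0700 and tightening an existing one; it is not the patch itself. `ensure_private_dir()` and the temporary paths are hypothetical, and the ownership and no-symlink checks are additions assumed for the example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 when path is a real directory (not a symlink), owned by the
 * effective user, with mode exactly 0700 after the call; -1 otherwise.
 * Working on a descriptor avoids a check-then-chmod race on the path. */
static int ensure_private_dir(const char *path)
{
    struct stat st;
    int fd, rc = -1;

    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;
    fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;                      /* symlink, file, or unreadable */
    if (fstat(fd, &st) == 0 && st.st_uid == geteuid()) {
        if ((st.st_mode & 07777) == 0700 || fchmod(fd, 0700) == 0)
            rc = 0;                     /* already private, or tightened */
    }
    close(fd);
    return rc;
}

/* Constructed scenario: the directory came back as 0755, as the commit
 * message says can happen when /var/run is on tmpfs. Returns the mode
 * after the fix, or -1 on any failure. */
static int demo_mode_after_fix(void)
{
    char tmpl[] = "/tmp/private-dir-demo-XXXXXX";
    struct stat st;
    int mode = -1;

    if (mkdtemp(tmpl) == NULL)
        return -1;
    if (chmod(tmpl, 0755) == 0 && ensure_private_dir(tmpl) == 0 &&
        stat(tmpl, &st) == 0)
        mode = (int)(st.st_mode & 07777);
    rmdir(tmpl);
    return mode;
}

/* Constructed scenario: the expected path is a symlink to a directory.
 * Returns 1 when ensure_private_dir() refuses it, 0 when it accepts it,
 * -1 when the scenario could not be set up. */
static int demo_symlink_rejected(void)
{
    char tmpl[] = "/tmp/private-dir-demo-XXXXXX";
    char linkpath[64];
    int rejected;

    if (mkdtemp(tmpl) == NULL)
        return -1;
    snprintf(linkpath, sizeof linkpath, "%s.lnk", tmpl);
    if (symlink(tmpl, linkpath) != 0) {
        rmdir(tmpl);
        return -1;
    }
    rejected = (ensure_private_dir(linkpath) == -1);
    unlink(linkpath);
    rmdir(tmpl);
    return rejected;
}

int main(void)
{
    printf("mode after fix  : %o\n", (unsigned)demo_mode_after_fix());
    printf("symlink rejected: %d\n", demo_symlink_rejected());
    return 0;
}
```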

commit 379eb97edaea96fa7c1a62c81629d323a593ac7f
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Sep 21 10:26:52 2011 -0400

    Remove debian patch for -llbr. no longer needed

commit 210c57c1b4edcf4556aeb1e9628b63df5288a775
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 20 21:01:01 2011 -0400

    updated changes

commit bb0481d93b439ef27a28e4e8491ad97dcf3524ff
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 20 20:52:21 2011 -0400

    * ipsec verify: New kernels use nf_conntrack instead of ip_conntrack [Avesh]

commit abe2f7ce9aaffa96180915946dd4f3846b41b3c9
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 20 20:51:46 2011 -0400

    * LDAP/CRL needs liblber (rhbz#737975) [Avesh]

commit bfb3d0590d78f2aeedb52c15eaf82356c16fe89e
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 20 20:43:13 2011 -0400

    * Use iptables-save instead of iptables -L if possible
    
    Suggestion from Avesh, it prevents loading the conntrack modules
    if no conntrack was happening before.

commit c377f518652934c080a2f06c98d8fb2e79973f99
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 16 19:25:08 2011 -0400

    updated changes

commit facd81436e1a0fcca73521a3972659060e32e85b
Author: FURUSO Shinichi <Shinichi.Furuso at jp.sony.com>
Date:   Fri Sep 16 19:24:04 2011 -0400

    * ipsec_sa_getbyid() did not work properly on IPv6
    
    The implementation of ipsec_sa_getbyid used sin_addr to compare
    two addresses, regardless of their address family.  I'm afraid that
    2001:db8::1 and 2001:db8::2 are the same addresses.  It'll be an issue
    when ipv6 is used and SPIs on two machines collide.

commit dd35281fb99ec107515573dfda977ace79dba861
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Sep 12 11:01:49 2011 -0400

    update changed

commit 73cdb9a15580b7974204fd7130947a71a4e5987e
Author: FURUSO Shinichi <Shinichi.Furuso at jp.sony.com>
Date:   Mon Sep 12 10:58:18 2011 -0400

    * KLIPS: ipsecdevices index overflow
    
    The default maximum is 64 ipsec devices (ipsec0 to ipsec63). Attempting to
    delete ipsec64 would cause a kernel crash.
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 0f3cc8a90b8e074bcc26bbcc1b4ff211db8266a6
Author: FURUSO Shinichi <Shinichi.Furuso at jp.sony.com>
Date:   Mon Sep 12 10:53:34 2011 -0400

    * KLIPS: cleanup off by one interface, prevented module unload [Shinichi Furuso]
    
    ipsec_tunnel_cleanup_devices removed only IPSEC_NUM_IF (=2) devices instead
    of ipsecdevices_max, skipping cleanup of manually created ipsec2 and higher
    interfaces, resulting in an ipsec.ko module unload failure.
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 3031eb78fb9ddf5735bd7ab29167e43371baa892
Author: FURUSO Shinichi <Shinichi.Furuso at jp.sony.com>
Date:   Mon Sep 12 10:51:31 2011 -0400

    * tncfg called incorrectly for adding more ipsecX interfaces [Shinichi Furuso]
    
    If the machine has 3 or more interfaces, we can write
    'interfaces="ipsec0=eth0 ipsec1=eth1 ipsec2=eth2"' in
    /etc/ipsec.conf. However, openswan can't create ipsec2.  The reason is
    _startklips calls 'ipsec tncfg --create --virtual ipsec2'.  The '--create'
    option takes 1 argument ('--virtual') and tncfg tries to create a
    '--virtual' interface and fails.
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit b463e4df541f20f02702220e18bf9e88fdd5941a
Merge: 421f1c9 e07f3a0
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Sep 1 17:19:56 2011 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 421f1c9793b04874262ee0b866cab8a3e85f1cc6
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Aug 31 11:37:27 2011 -0400

    updated changes

commit 8bc95c1ba311d64103003ef2c1d330d4cc2765b0
Author: Shinichi Furuso <Shinichi.Furuso at jp.sony.com>
Date:   Wed Aug 31 11:25:43 2011 -0400

    I cancel a patch of pluto that deletes port floating codes when Delete
    SA is received.
    
    The former part of the condition never matches any objects, that is,
    there's no object whose st_serialno is 0.  After all, it is equivalent to
    "st->st_serialno == nfo->st->st_serialno".
    
    Test environment:
    Server 0 -+- Server 1
              |
              +- NAT Router -- Server 2
    Server 0 is a target to test.
    NAT router is set up with:
     iptables -t nat -I POSTROUTING -j MASQUERADE --random
    
    I set up 3 connections: nonat, nattun0, and nattun1
    
    Here's a scenario:
    1. start all openswan on Server 0, 1, and 2
    2. Server 1 initiates "nonat" connection.
    3. Server 2 initiates "nattun0" and "nattun1" connections.
    4. "conntrack -D -p udp" on NAT Router and clear NAT table.
    5. Server 2 deletes "nattun1"
    6. stop openswan on Server 1, 2, and 0.
    
    With the old code, "nonat" is rewritten when "nattun0" is established.
    It's the issue that we wanted to fix.
    
    With the current code, above issue is fixed, but "nattun0" is not
    written when "nattun1" is deleted and port floating occurs.  Thus,
    Server 0 can't send Delete SA to Server 2 when openswan on Server 2 stops.
    
    With the patched code, both issues are fixed.
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit e07f3a036589310163f9c3e75aee54851f18cfd9
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 29 10:08:05 2011 -0400

    updated changes

commit 9c6bb63a8727538ea70e6d566351f28db05e02ea
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 29 09:57:33 2011 -0400

    * NAT-T: Fixed logging for broken NAT-T keepalives [Tobias Brunner]

commit 6f2455474869e30cff041ec5e5f79a656a678e9a
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Aug 24 10:20:07 2011 -0400

    updated changes

commit 6bcd894d6c028d0ab7a8687fde4389efa32f24bd
Author: FURUSO Shinichi <Shinichi.Furuso at jp.sony.com>
Date:   Wed Aug 24 10:17:24 2011 -0400

    * Add building with SAref on SLES10 / SLES11 / Opensuse [Shinichi Furuso]
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 07a8d8bdd5054452b32f8536017b83a7f277f5e0
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Aug 23 08:55:10 2011 +0300

    update changes

commit f162436d89a3a0f97f7c6ea1399e1d6a1e5579dc
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Aug 23 08:52:21 2011 +0300

    hub-spoke.conf: how netkey works is by design, not a bug

commit 14eb163d4374f37dfdd13fa134efcaac119911a7
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 9 13:35:30 2011 -0400

    updated changes

commit 0d5b4cacea2408fdc8ac8a41f3ded59b4705c61d
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 9 13:32:44 2011 -0400

    * IKEv2: We always sent the openswan VID instead of using #ifdef
    
    It now uses #ifdef PLUTO_SENDS_VENDORID like IKEv1

commit 2c436b0cca8a630768775fc4ce3e9ec1d6be6833
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 9 13:30:56 2011 -0400

    * IKEv2: ikev2_get_dcookie used SHA1Update() with pointer size [Avesh]
    
    It used sizeof(spiI) instead of sizeof(*spiI)

commit 4d5082766605d6105a9e28e67c0d1cdcab322f04
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 9 13:30:00 2011 -0400

    * TESTING: Added some more consistent logging in prerunsetup()

commit baddc2b7e5942b467b92c945751b9ac4dbca5a34
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 9 13:28:30 2011 -0400

    * pcr_init() should memset the request helper size, not pointer size [Avesh]

commit 1aadb908b28872f77a44a0516006a8802a895d3c
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 9 13:27:29 2011 -0400

    * Prevent dereferencing ctx->trans_cur using passert() in db_trans_add()

commit ef4838e82d027650582be0642fc67b9a0dea30d9
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 9 13:26:42 2011 -0400

    * XAUTH: whack_get_value() never decremented "tries" so asked indefinitely
    
    Patch by Avesh

commit ef4d0f4a921afe1977a02d97a9bf1b48b8aad85e
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 9 13:26:14 2011 -0400

    * Fix closing fd in lib/libopenswan/oswconf.c [Avesh]

commit 60991b7c528ef76cd2e644b85b19e45cd9ddcbdf
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 9 13:25:11 2011 -0400

    * rsasigkey: configdir is always set in the NSS #ifdef part [Avesh]

commit c812da7403c3429a53844e50f1884e5ba87b11db
Merge: e4c216c 4f9e1d2
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 8 17:34:11 2011 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit e4c216cefa4e0d06e40485acc1733f923525f914
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 8 13:37:10 2011 -0400

    updated changes

commit fe7b29f4b5ee74e3ac268d4e4a79e3c89d8330a9
Author: Shinichi Furuso <Shinichi.Furuso at jp.sony.com>
Date:   Mon Aug 8 13:36:04 2011 -0400

    * [CRYPTOAPI] Support for backported 2.6.19 CryptoAPI in SuSE kernels
    
    In 2008, SuSE backported a new CRYPTOAPI, saying 'update CRYPTO for
    IPv6 IPSEC requirements'. This prevents klips from being compiled.
    In May, CRYPTOAPI support is enabled by default in openswan.  So,
    ipsec_alg_cryptoapi.c will be compiled.  It switches old and new CRYPTOAPI
    only by LINUX_KERNEL_VERSION.  Thus, it tries to compile old 2.6.16.60
    CRYPTOAPI code on new backported CRYPTOAPI kernel.
    
    I checked CentOS 5.6 whether it also backports new one, but found it
    doesn't.  I don't know other major vendor-supported distributions that
    use a kernel older than 2.6.19.
    
    I tested it can be compiled on old SLES10 (2.6.16.60) and new SLES11 (2.6.32.43).
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 4f9e1d2ec5a13dae884203a692d2632e6716fa42
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Sun Aug 7 02:07:39 2011 -0700

    More "sane" debug output changes.  Minor.

commit e54eaf82fbf48dff95d522f641776fea90865a61
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Sun Aug 7 02:02:31 2011 -0700

      More "sane" debug output changes.  Minor.

commit 5077d26642d863f03f1e17af6c5f020e82375a6b
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Aug 6 20:00:58 2011 -0400

    * Commented out umltree subdir that Hugh added.
    
    It does not exist, and causes regular "make clean" and "make programs"
    to fail.

commit a27e30b017afadce901a067edb446ab035703b24
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 4 12:20:23 2011 -0400

    updated changes

commit 16c6fe07a701629c431b30daad31a36171aa522c
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 4 12:17:29 2011 -0400

    * Changed a few *alloc() calls to alloc_bytes()
    
    We were not tracking some allocations for LEAK_DETECTIVE. Seeing that
    I did not find the proper free() calls, it might mean these are actual
    leaks (unless pfreeany() was used).
    
    One realloc() call in ssdep_linux.c was left, as I was not sure how
    to do the realloc() call using our wrappers.

commit d584624905a77ecb22292fd282a5a806bdcb86f7
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Mon Aug 1 20:22:47 2011 -0700

      This is a large commit of work done to stabilize the testing "framework",
    to get make to run in a reliable manner, to see where things are happening
    etc.
      One big change is that all makefiles and most shell scripts are now
    expressly BASH scripts as they had been coded with BASH syntax and were
    failing in odd ways in boring old POSIX shells.
      Please note that this is not "done" work, I think the commit does no
    harm, but I am sure that there is more to do before testing works again.

commit f9077d8ed0b7ed79a77676dc965d6ca12611aa62
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Mon Aug 1 19:46:13 2011 -0700

      One major change and various minor tweaks and extra output lines used in
    debugging testing.
    
      The BIG change here is moving the SHELL from /bin/sh to /bin/bash, as many
    scripts in testing are coded with BASH extended syntax.  Since BASH does everything
    a POSIX compliant sh does this should not harm any other scripts (and no harm
    has been observed in a week of testing...).

commit ae8b6acba2d733b1fe211dda43b3ae4b79351348
Merge: d33c86c aa67b53
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Mon Aug 1 19:17:11 2011 -0700

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit d33c86c86e5b6a4cdb58f79c0e83bc18d992fabc
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Mon Aug 1 19:14:20 2011 -0700

    Sizeof returns different things on different arch's, so cast it big so the
    compiler is unlikely to bitch.

commit aa67b53e8117c16235b0537053c6f628e0ac6f88
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jul 26 11:59:01 2011 -0400

    * KLIPS: Log a warning when using CONFIG_IPSEC_NAT_TRAVERSAL on > 2.6.22

commit 7a1b8c50ee9f90b22721079c8d148e4b4e766083
Merge: e73dfde 1e594ea
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 25 15:55:26 2011 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 1e594ea240f9ba294c2607f04949de622bf4f80d
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Jul 25 12:44:55 2011 +0300

    update ipsec_pluto.8 man page

commit 215e2db2109ad994982fdc604bc662dbce82735d
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Jul 25 12:43:04 2011 +0300

    add --checkpubkeys to man pages

commit 1cc085e434a62e7f64efaa415fd2e30d0eb33b96
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Jul 25 12:41:20 2011 +0300

    update CHANGES

commit db4ea9f8d2d967c335f8789be15fd81f8fc4a409
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Jul 25 12:36:22 2011 +0300

    document --checkpubkeys option

commit 53b5f4b5c2c960d66f22fb9112a580a6d4c40733
Author: Mika Ilmaranta <ilmis at foobar.fi>
Date:   Mon Jul 25 12:16:06 2011 +0300

    Add --checkpubkeys option into whack and auto for checking public keys.

commit 06ec3f8e8944347eb3a27c0e0b2f927dc522dae2
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Jul 25 11:27:25 2011 +0300

    update CHANGES

commit 3cf91546468484b1b345cbc59de028f3855b20d1
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jul 24 11:29:22 2011 -0400

    new changelog entry

commit fd9be2a9cf5e1dff41f18eb0ba7d6ba72b592fd5
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jul 23 16:48:03 2011 -0400

    update CHANGES release date

commit e73dfde59254113d28038230070af161f86d36e1
Merge: bdb454e daf04af
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 22 13:32:27 2011 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit daf04afe1949d7c42199138aca627e0c39965c42
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jul 21 10:34:16 2011 -0400

    updated changes

commit a542d42cc03864c06c9108b98ba8cbca15231174
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jul 21 10:33:34 2011 -0400

    * OCF: Only include ipsec_ocf.h when using CONFIG_KLIPS_OCF

commit f03f13b30d10efa48b7b002218418e5621b9b245
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jul 21 09:54:12 2011 -0400

    update changes

commit 04a61f2353bd54b31e0cfca76465bb122c0c1976
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Jul 21 15:15:57 2011 +1000

    Fix mast packets on host-to-host connections
    
    We were not identifying packets correctly after the ip_select_ident changes
    on host-to-host ipsec connections using mast. net-to-net seemed ok.
    Refactor and ditch some code and use ixs->mast_mode as it is always right :-)

commit bebc8f14d0ed8978693ed151a9166708f16d2929
Merge: 5807851 da42f2b
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Jul 21 10:38:13 2011 +1000

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit bdb454e167556033cc5a683cf3a594adf3bd94fb
Merge: 591136f da42f2b
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jul 19 17:02:54 2011 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 591136f8ccef0b7efd0e687ad9add8803388750e
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jul 19 16:50:32 2011 -0400

    * Setting the debug_mast to -1 caused debug to be active per default

commit da42f2b802dac8054b875aa38476cff811097bd1
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jul 19 11:18:13 2011 -0400

    updated changes

commit 72383827f1951e846141e25f2d06e1c143ba9f77
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jul 19 11:15:29 2011 -0400

    * OCF: Give a hard #error in ipsec_ocf.h if we don't have CONFIG_KLIPS_OCF
    
    I managed to compile with it defined in linux/net/ipsec/defconfig but
    without using it in my MODULE_DEF_INCLUDE that pointed to the file
    packaging/linus/config-all.h. This resulted in some obscure error, instead
    of a clear error that the config files did not match up properly.

commit 58078515ff72eed3bc33f5c9215e6eacbc7d6164
Merge: 66e8174 14f30c3
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Tue Jul 19 15:09:53 2011 +1000

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 14f30c3a631143d347d9463e4c9d97cb1ae0384f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 18 23:50:45 2011 -0400

    * KLIPS: more prefix fixes to debug log lines

commit cbb1c004d7b10f8e2b8f898270b484bceebc0045
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 18 23:22:22 2011 -0400

    updated changes

commit 98eed4a91ea93e69807f1236b82f61325c4c831f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 18 23:20:43 2011 -0400

    * DPD: Do not ignore failure in dpd_init()
    
    Note this commit accidentally came in via 993e9312f195. This commit
    is just a marker of that for the git log.

commit 388969cc02e7a5092e4f4a84ed47a481495e272f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 18 22:58:39 2011 -0400

    updated changes

commit faa8308fc1445dc1ac2e41405427de908aa5e05c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 18 22:57:34 2011 -0400

    * KLIPS: more prefix fixes to debug log lines

commit ba34bd2566889524ba47abc7418c03d73090f4b9
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 18 22:26:31 2011 -0400

    updated changes

commit 30cff989e25e48581dcc70d8a202cc87a1e7869c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 18 22:24:57 2011 -0400

    * KLIPS: updated bad debug references to ipsec_xmit_encap_once
    
    ipsec_xmit_encap_once() at some point got refactored and renamed,
    but the klipsdebug prefix was not updated to reflect this.

commit f7c0a61449473ab6ebceb06e2a8fbc27607c7328
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Jul 18 21:57:23 2011 +0300

    cleanup comment for set_cur_connection change

commit e5f0052e21bc19619dac26d281549d326cf17865
Merge: 90630ec 282ed0a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 18 14:18:56 2011 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 90630ec5c580dac22b23faf3fc5a1051d689ba35
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 18 14:14:19 2011 -0400

    updated changes

commit b6c2514a97bf86187690869360968361a971367e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 18 14:13:36 2011 -0400

    Fix for Tuomo's (rare) crasher where globals were not reset. Idea by dhr

commit 282ed0acbec43264b68126578a81a361f14cf9ce
Merge: ec00950 993e931
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Fri Jul 15 18:32:50 2011 -0700

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit ec009505525e3443254ed7c20d6de81f84990823
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Fri Jul 15 18:29:45 2011 -0700

    If a script needs BASH it needs to SAY so...

commit 993e9312f195f54a3e3a00126aaf926ad566e2ae
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 15 13:14:10 2011 -0400

    * Bart's disabling of the mast debug per default did not make it in.

commit 3e3bc829db987d1f59b21eedc952f153323ea53f
Author: Hugh Daniel <hugh at star.toad.com>
Date:   Wed Jul 13 13:05:48 2011 -0700

    The script uses BASH extensions that break on POSIX compliant systems, so
    we force use of /bin/bash rather than hope /bin/sh points to it.

commit 22d6013a83390f5973dd55e35a16c1641dfce2ae
Merge: 50f7a51 0d709b4
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jul 13 12:55:51 2011 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 50f7a519682c901e4734de79d3e5a5ed367b399a
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jul 13 10:37:59 2011 -0400

    update changed

commit 54085743b7760a3417b510e75aab0efff4194c38
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jul 13 10:35:45 2011 -0400

    * KLIPS: Fix MTU on interface - bug introduced in 2.6.33 [Wolfgang Nothdurft]

commit 0d709b47f5d1e9335677e3db18b3f9bc1fb58775
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jul 12 20:51:56 2011 -0400

    * Fix previous malloc() use fix for Tuomo's crasher
    
    Note the previous fix accidentally got submitted in an "updated changes"
    commit message.
    
    out_sa() used malloc() directly instead of using our memory wrappers,
    but in free_sa() we were assuming it had been allocated with our
    wrappers.
    
    The previous fix used alloc_thing on both proposals and transforms, but
    the proposal ones needed to use alloc_bytes() due to the multiplication
    for 2 * proposals.

commit 28c496fb4ecaa006754977cabe2ca0448648f2be
Merge: ce7ca9d b8b316e
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jul 12 18:22:11 2011 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan
    
    Conflicts:
    	CHANGES

commit ce7ca9d87b24ef9ced83d4b67af93b651eb8c73b
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jul 12 18:21:40 2011 -0400

    updated changes

commit b8b316eb176e62a16ed4f9b0d9fd1d5f1ec38b8e
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jul 9 11:34:15 2011 -0400

    * default KERNELSRC to the currently running kernel

commit 0e739f6c3dc416d6850763e51bd8a4f185f56451
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Fri Jul 8 18:12:23 2011 -0400

    * UML: updated kernel configs for UML_NET_PCAP, UML_NET_VDE and UML_RANDOM

commit 8d191e93feef736064a959837d481a289bac85f6
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 8 15:26:41 2011 -0400

    updated changes

commit 1c58f14b19aef87cd15e7d0ae42b0a2e87a5395f
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 8 15:24:06 2011 -0400

    * st_peeridentity_port missed ntohs() causing interop fail with little-endian
    
    Found by Magnus Öberg

commit 717744479d3da28ad30505eee8ec651653740fb9
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jul 7 17:15:16 2011 -0400

    updated changes

commit 5a443cc72837ef33f38a5f09e849b061a4be55bc
Merge: 4f26de1 b4faa45
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jul 7 16:47:55 2011 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 4f26de19fb22444fc1c6cd450ac37b8c76481204
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jul 7 16:38:45 2011 -0400

    * Prevent double ipsec_kfree_skb()
    
    Shinichi Furuso pointed out that ipsec_rcv_unclone() can call
    ipsec_kfree_skb() if it is cloned (due to tcpdump or so?) and then
    returns NULL. In such a case, the caller, ipsec_rcv_init(), returns
    IPSEC_RCV_REALLYBAD, which causes ipsec_rsm to also call ipsec_kfree_skb().
    
    I removed the call in ipsec_rcv_unclone() with an added bonus of removing
    a goto statement

commit b4faa455880aff2d47546628eeb8c100c08daf63
Author: Michael Stevens <mstevens at etla.org>
Date:   Thu Jul 7 22:47:05 2011 +0300

    Bug #1264: Fix a teeny typo in changes for 2.6.34

commit 65312de8bf145f0b2d93597af750078876fdb574
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jul 6 17:51:28 2011 -0400

    * avoid using dirname (patch from openwrt)

commit 12112472a4998038651f55d47353c4c8b9f3e527
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jul 3 16:32:47 2011 -0400

    updated changes

commit fd29db8d488d2edfe454748c60707cf91982c0d1
Author: FURUSO Shinichi <Shinichi.Furuso at jp.sony.com>
Date:   Sun Jul 3 16:28:20 2011 -0400

    * SAREF: Added null check of secpath_dup(NULL)

commit 929dadfbdd7f48456d4b219731bed6ee62c0aa66
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jul 3 16:12:25 2011 -0400

    updated changes

commit bd2c78b677e0c02470854b31423cb03864c22574
Author: FURUSO Shinichi <Shinichi.Furuso at jp.sony.com>
Date:   Sun Jul 3 16:10:25 2011 -0400

    * SAREF: ip_cmsg_recv_ipsec_refinfo() doesn't initialize refs array.
    
    It causes uninitialized content of the kernel stack to be passed to the local user.

commit 9385e067a9dc7759d1ba1ca821efba4fcc70c044
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jul 3 15:28:47 2011 -0400

    update changes

commit 2d421ff4c5f7259120d4050b2f59db8dd57176a8
Author: Bart Trojanowski <bart at jukie.net>
Date:   Sun Jul 3 15:15:23 2011 -0400

    remove forced debug_mast enable

commit df6f04b1ee0b09223e7e78fe6be69c84639ac9b5
Author: Bart Trojanowski <bart at jukie.net>
Date:   Sun Jul 3 12:01:52 2011 -0400

    be more careful about which {mast,ipsec}priv structure is being used
    
    This fix addresses crashes in ipsec_set_dst() when the ixs->physdev was
    NULL.  The problem occurs on transport mode connections in mast mode.  In
    mast mode the physdev is undefined, but was still being used to route
    packets out.
    
    Here is what was actually changed:
    
    - prevent blind casting of netdev_priv() to {mast,ipsec}priv
    - netdev_to_{ipsec,mast}priv() wrappers get private data from net_device
    - mark {mast,ipsec}priv with distinct cookies
    - panic with BUG_ON() if the wrong structure is being used
    - in ipsec_set_dst() allow for ixs->physdev to be NULL, and use route's device

commit 0f8318af3f006b8d39fd883efa0dda4da4858db7
Author: Bart Trojanowski <bart at jukie.net>
Date:   Sat Jul 2 13:08:43 2011 -0400

    ldsaref: need to specify the location of the libsaref.so for LD_PRELOAD to work

commit 38eed94e996e62d640b8a408befb0ef80c5b91b9
Author: Bart Trojanowski <bart at jukie.net>
Date:   Sat Jul 2 10:24:27 2011 -0400

    run depmod even if /sbin is not in the PATH
    
    (this happens when running sudo make minstall)

commit 66e81748ae2248a51941642dee2c8a7863803fe7
Merge: 7ef683b 5b50e54
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Jun 16 13:41:05 2011 +1000

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 5b50e54326eea08d967f8df8de1dda72f42fa185
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 14 18:36:17 2011 -0400

    update CHANGES

commit aaf8080e6db73bb70e5ee47356e5628942f33fb4
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 14 17:31:42 2011 -0400

    mend

commit 9b68045bff4a0cfda1198434f19345eca027e6bf
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 14 17:30:06 2011 -0400

    MAST: Add the ipsec_xmit_sanity_check_dev() check in the mast path,
    similar to the ipsec path.

commit cbeab0221a0e16751e4a09783988cdd40916a0c3
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 14 17:16:21 2011 -0400

    Exclude the virtual interface to physical interface check for mastX
    in ipsec_xmit_sanity_check_dev(), so that we can call this function
    in the mast xmit patch as well.

commit 7ef683b9859dd2fb424afa43d85a70164c1947a8
Merge: 62bbcbc e634277
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Tue Jun 14 11:05:25 2011 +1000

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit e63427748d1a465c523ba0e1c43d1194539f3feb
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 10 09:12:37 2011 -0400

    updated changes

commit 6c67964cc6a45cac42490862912b1232137eaa69
Author: FURUSO Shinichi <Shinichi.Furuso at jp.sony.com>
Date:   Fri Jun 10 09:04:29 2011 -0400

    Fix a null pointer dereference panic when ipsec is unloaded and kernel
    is saref patched.
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 97e564d3d0e9c96acf6176c585e6b11c26a0052e
Author: FURUSO Shinichi <Shinichi.Furuso at jp.sony.com>
Date:   Fri Jun 10 08:58:24 2011 -0400

    Fix accidental redirect (">") to file that was meant to be a -gt comparison
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 2d02b39a354021470b704a654da79758909f8ca2
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 8 14:09:34 2011 -0400

    start 2.6.35 changelog

commit c583887a157920ea780b1ec23117826979254dc8
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 8 13:54:46 2011 -0400

    remove blank line in CHANGES

commit ffd7776e0a4ca196c999c48f82d854800cbf1a1e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 6 22:58:46 2011 -0400

    updated changes

commit c703b622c201e5e0eac62a87dfbe389d4dedd8b7
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 6 22:56:57 2011 -0400

    Fix for below oops by David
    
    [  139.484734] BUG: unable to handle kernel NULL pointer dereference at 0000000000000078
    [  139.484767] IP: [<ffffffffa022902e>] ipsec_set_dst+0x7e/0x290 [ipsec]
    
    [  139.485433]  [<ffffffff8100f34f>] ? xen_restore_fl_direct_end+0x0/0x1
    [  139.485454]  [<ffffffffa022c917>] ipsec_xmit_send+0x37/0x400 [ipsec]
    [  139.485474]  [<ffffffffa022940f>] ? ipsec_nat_encap+0xef/0x1f0 [ipsec]
    [  139.485495]  [<ffffffffa0233061>] ipsec_mast_xsm_complete+0x91/0xb0 [ipsec]
    [  139.485515]  [<ffffffffa0228d00>] ipsec_xsm+0xe0/0x390 [ipsec]
    [  139.485538]  [<ffffffffa0243d11>] ipsec_ocf_skbq_process+0x21/0x50 [ipsec]

commit 62bbcbc85e6ac3c0ffd6fa2efefd31a83832e470
Merge: 9ecebde 9544d04
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Tue Jun 7 09:26:05 2011 +1000

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 9544d04d9ed43bc1ffb1b6c343338cfd30b1a939
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 6 11:06:59 2011 -0400

    updated changes

commit 5982ef556f46b64a377450a7477d6dee7e900396
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Mon Jun 6 11:05:37 2011 -0400

    KLIPS: Only fixup the ethernet header it might be on
    
    PPP devices do not have ethernet headers, so no need to fixup the
    protocol in the header if it can't possibly be an ethernet header.
    The fixup is needed for ip4inip6 or ip6inip4 ethernet packets.

commit 6ba1f576865203fa548de67046ebb7b02db72b7b
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Jun 6 14:45:07 2011 +0300

    fix acquire_netlink broken by b20993af4618e7c10cdb9dab5e4900e06bdf32ad

commit 9ecebdecbcbe380f57eac6562add20edfb36a6e8
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Mon Jun 6 16:37:16 2011 +1000

    Only fixup the ethernet header it might be one
    
    PPP devices do not have ethernet headers, so no need to fixup the
    protocol in the header if it can't possibly be an ethernet header.
    The fixup is needed for ip4inip6 or ip6inip4 ethernet packets.

commit 6c47add795d7cdd868b3063180a8da1d7889ddea
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jun 4 17:11:06 2011 -0400

    updated changes

commit 86a5945e20ffa61936e93b52c499e06b465c4403
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Jun 2 15:26:48 2011 +1000

    Routing cache corruption due to ip_select_ident
    
    The comments in the code said that dst has to be set before calling
    ip_select_ident, but dst wasn't set correctly.
    
    It was corrupting a private value (rt->rt6i_nfheader_len) that would then
    result in ip6_output calculating invalid mtu/packet sizing and rejecting the
    transmission of a packet with EMSGSIZE.
    
    Rework the dst settings and ip_select_ident code so that is all gets done
    in the correct sequence.  This helps clean up the flowi code a little and
    it is easier now to clean it up properly at some point w.r.t. IPv6.

commit cb423a95d215606fa4bc53d74d4e1b71daa58f41
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri May 27 19:31:01 2011 +0300

    Removed reference to http://www.freeswan.org from ipsec --help

commit 6feb1466d892048743f89ab17d9214a6523736ca
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri May 27 19:24:14 2011 +0300

    remove reference to www.freeswan.org

commit 2adce40c9e925b192742d299c2dd721a00e93e20
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri May 27 15:52:49 2011 +1000

    A couple of small fixups for linux-2.4 compiles

commit 84cc7d7f292803be77f0313227a189b3b0224797
Merge: 861dfb3 157cd31
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 26 21:28:53 2011 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 861dfb39ad31eebf848d71341f390ffef63b3fab
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 26 21:21:22 2011 -0400

    deleted two useless scaffolding files in docs/HACKING/

commit 157cd317de791bba7ea8c0cc41cf7e14e8473f34
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 26 16:29:42 2011 -0400

    updated changes

commit e663652c94dfd187ebbd5266f40ee0dcd5f08719
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Thu May 26 16:28:17 2011 -0400

    2. Protocol port issue when using hostnames instead of ipaddress in
    connection definitions (rhbz# 703473): leftprotoport/rightprotoport option
    does not work when using hostnames with ipv4. With ipv6, this issue can be
    reproduced even with ipv6 addresses, if you don't specify
    "connaddrfamily=ipv6" in the connection definition.  The reason is that the
    ipv6 address is considered as string and is tried for name resolution
    leading to wiping of ports from the connection. However, the ipv6 connection
    gets established. IOW that to make an ipv6 work, it is not really needed to
    specify "connaddrfamily=ipv6", however breaks protocol/port stuff.

commit f14d6de160f385f731752cb6a1370d8268f73b9e
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 26 11:28:28 2011 -0400

    update changes

commit a7489395a43cbdb4fc13c2f3a4434354d07fb9d7
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Thu May 26 11:25:19 2011 -0400

    1. Broken AH support with NETKEY since ages (perhaps since 2.6.15/16) (rhbz# 704548): AH protocol does not work when setting as phase2=ah, leading to
    unsuccessful connection. This ends with error "unknown encryption algorithm".

commit f3912301a780f3da73ccc98dfa93a0a5535277ff
Merge: 61fa46b d04c1ff
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 26 10:37:47 2011 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 61fa46b833edd6d4c1755fcd6cf1c6b360311ac7
Author: Michael Richardson <mcr at sandelman.ca>
Date:   Thu May 26 10:37:27 2011 -0400

    more warnings about strict alignment: use pluto_crypto_req buffers
    instead of buffers of long
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit b20993af4618e7c10cdb9dab5e4900e06bdf32ad
Author: Michael Richardson <mcr at sandelman.ca>
Date:   Thu May 26 10:36:58 2011 -0400

    gets rid of warnings about strict alignment: code should run faster on
    Sparc, not-core dump on Alpha, and fit in caches better
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 6d1e499bdbb598f4e5bc8045d65fdf6ed3147994
Author: Michael Richardson <mcr at sandelman.ca>
Date:   Thu May 26 10:36:41 2011 -0400

    make do_command an external so it can be referenced
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 13227de78e2949368422a331cbea5e654c4618c6
Author: Michael Richardson <mcr at sandelman.ca>
Date:   Thu May 26 10:36:24 2011 -0400

    the %li needs to always have a long, particularly on 32-bit platforms
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 6d658673e46b177986c9b24e68ab8432d826a28b
Author: Michael Richardson <mcr at sandelman.ca>
Date:   Thu May 26 10:36:05 2011 -0400

    get rid of unused variable
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit d950f768eb8978795dd8599bb7e00c24aab46c9f
Author: Michael Richardson <mcr at sandelman.ca>
Date:   Thu May 26 10:35:08 2011 -0400

    with -Werror, the exit routine needs to be marked never returns
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit d04c1ff4f5d20c19076f49f3d14867b31a276d44
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu May 26 22:59:38 2011 +1000

    Clean up IPv6 logging
    
    A few spots that weren't being handled nicely and producing incorrect logs
    for IPv6 cases.

commit 536bde334f918a74a41a066f6331f2445d81f5ad
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu May 26 22:54:08 2011 +1000

    The policy check should check against flow family
    
    Since we are checking the inner policy,  the flow family is the one we
    should use,  as the flow addresses are what we compare and report.

commit 5a843c9e017121004c4f4d75695f895ea843fa1b
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Wed May 25 09:11:59 2011 +1000

    Fix ip_route_output_key usage after 2.6.39 changes
    
    The call to ipsec_route_dst got lost in the translation.

commit 49e9ea175219591beee0d5df03543a38f04c3812
Merge: 465a933 d8c07ad
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 24 09:47:55 2011 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit d8c07adb13c8100d76fb03fe9f2e03b280622dde
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 24 09:07:31 2011 -0400

    updated changes

commit cfa9861ca4c06acc9f8cb2ded457208d4a739c34
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Tue May 24 14:00:30 2011 +1000

    Further cleanups for #1233
    
    I wasn't happy with leaving things undone in the last patch. This one
    ensures that any calls to destruct after we unload will be ok,  we still
    prefer to wait a bit first though and try to exit cleanly.

commit e7a88c921ab7b34f6d8117a1a4dd844589e1d6bd
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Tue May 24 12:55:52 2011 +1000

    Compilation support for linux-2.6.39
    
    Here are the safest set of changes I could come up with for now.
    The struct flowi bits definitely need a clean up.

commit a07572d5528677ff65ba5a1c8ebaa7903e7fc8e1
Merge: ecb4717 10af2ed
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Tue May 24 11:09:03 2011 +1000

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 10af2ed8a6edc711500e900e8cb4daf668156406
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 23 19:04:44 2011 -0400

    updated changes

commit ed0c0aef365e158d544ba2de44cf5f5214b5481f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 23 19:03:32 2011 -0400

    Various file descriptor leaks and minor memory leak fixes from Avesh,
    looked over by Hugh Redelmeier.

commit ecb4717f8bd3d298d051e26c08a4bcafc3eeac85
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Mon May 23 13:14:43 2011 +1000

    Race with nat-t and driver unloading
    
    A race condition with the unloading of klips and the closing of
    encapsulation sockets meant it could happen after the driver
    was unloaded and or during,  causing an oops.
    
    https://gsoc.xelerance.com/issues/1233

commit 465a9334ce14d20673e09c55778b1cdcba878464
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun May 22 17:29:16 2011 -0400

    Set CONFIG_KLIPS_MODULE to 1

commit 73153205e89518ecf07343dfdd0a71c5f8ed0853
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 14:34:44 2011 -0400

    fix comment

commit c08fd4def1dcf680e9d94803a2f3fa597a489784
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 14:34:15 2011 -0400

    updated changes

commit eae17541a4bb32e55477229b564e452102d2217c
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 14:32:08 2011 -0400

    Enable cryptoapi in ./linux/net/ipsec/defconfig to match the stock
    packaging/linus/config* files

commit 693bec1cac134819f941d84609235ae5652f048b
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 14:00:13 2011 -0400

    remove unused but set len variable from do_md5_authentication()
    and two occurrences of set and unused dns_idx, wins_idx attr_type

commit 93a0ed73b8b32f2333ab562b5237a4dd62e861ef
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 13:59:49 2011 -0400

    fix adding the new vendorid VID_CISCO_IKE_FRAGMENTATION

commit cd81e9a03650acb99222debad1b4a8a22cde4255
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 13:58:54 2011 -0400

    removed unused but set variable dh_matched from ikev2_acceptable_group()
    and oldgotmatch in ikev2_parse_parent_sa_body() and ikev2_parse_child_sa_body()

commit 64d76056df583e9b5c293bbb1c2f32693feafa59
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 13:57:27 2011 -0400

    out_sa() had a really weird loop construct to "figure out how many
    proposals we are going to make". After reading it with Simon a couple
    times, it made no sense and we simplified it.
    Remove unused but set variables in preparse_isakmp_sa_body()

commit ce07482f62aa28b76153ab6a3132b5aec08969db
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 13:56:40 2011 -0400

    remove unused but set extn_oid from parse_ocsp_single_response()

commit fa2809569839f2b2c1e12faa6fc68f58139e05e5
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 13:55:53 2011 -0400

    pfkey_add_sa() calls pfkey_msg_parse() but did not use its return
    value. Log it now in case of error (which can never happen but gcc
    doesn't trust us on that)

commit 96b90cf70e228ddf81bbdbb162126134873e62ac
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 13:54:32 2011 -0400

    In netlink_raw_eroute() satype was set but unused. Logging it now.

commit 0a326ff5dde41d152a1f3b0fbbe20d26b5ab16a8
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 13:53:54 2011 -0400

    Removed unused but set variable ero_top in could_route() and
    route_and_eroute()

commit dab3025f6937a0657bdeb9cb1fda8b8e7a7ff05c
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 13:53:26 2011 -0400

    Removed unused but set variable kind (from c->kind)

commit 2df55a51f84ec4e85de34d01c22788e9b192c633
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 13:52:59 2011 -0400

    Removed unused cert_hd

commit f78b3959221b0c7b8ce45f63041c341a83892dc5
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 13:51:47 2011 -0400

    iif'ed out the variables best_tsr,best_tsi in ikev2_evaluate_connection_fit()
    they are set, but unused. The same for connection b; in ikev2_child_sa_respond()

commit 493c8880791982d08c86136ca8d7670bd853e935
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 13:50:36 2011 -0400

    In process_v2_packet() we check if we are the responder or not. If
    we are, we expect an rcookiezero. We stored the check result but
    did not use it. Added logging a warning now.

commit dc27877b6d6f40ed4a7d44c47626a46a076b30dc
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 13:49:27 2011 -0400

    quick_outI1_continue() calls quick_outI1_tail() but ignored its return
    value. For now, log any result that is not STF_OK

commit 9b702ef21cf56dec610a772eb0edf48bfc6f9428
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 13:49:09 2011 -0400

    Remove another NULL cast to time_t for time()

commit f6c57f5de7bf0db1f0f6726688633cdf688dd340
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 13:47:48 2011 -0400

    dpd_outI() picked the last entry of p1st->st_last_dpd versus st->st_last_dpd,
    but then ignored the actual result stored in the variable last

commit df780dbd1e15580dcd03c803fc68072effa76500
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 13:47:13 2011 -0400

    calc_skeyseed_v2() took chunk_t gi,ge; but did not actually use these.

commit fa16a2e47278790d97daa5c1cc41e10afc818680
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 13:46:32 2011 -0400

    log the (ignored) result from waitpid.c in send_eof() to make gcc happy

commit 0d7fcbbeb9d9af8c9d0994e157bb7efb910c1a98
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 13:45:49 2011 -0400

    fix format warning in in_struct() to use %li instead of %d for remain=

commit 331145da14ccd825e8fbcd3e05d8b80922b1f6ee
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 13:45:13 2011 -0400

    Check return value of initaddr(), even if we never expect it to fail

commit 476649a07162f5e9bfd533b64dd139b1af90e18f
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 13:44:53 2011 -0400

    Remove unused time_t created

commit 4dd63ff3033b401dc2dd7d05683048be2c7c5952
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 13:43:26 2011 -0400

    No need to cast NULL to time_t for time()

commit 33a78ab8298d85b1595ffaeee3f09e94d5e3f455
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 13:43:07 2011 -0400

    remove old rcsid

commit 612a8683cd98bdc656e7bf63d7bde85c9f0f3ef9
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 20 11:38:09 2011 -0400

    updated changes

commit 19d744e43b44b6b88602ef64834710cdaafbbea8
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri May 20 23:24:16 2011 +1000

    Return default stack to klips over mast
    
    During one of the cleanups,  mast overrode klips when --use-auto
    was invoked.  This restores it to the old default.
    
    So "auto" effectively means:
    
    	1.  netkey (if support compiled and present in kernel)
    	2.  klips  (if support compiled and present in kernel)
    	3.  mast   (if support compiled and present in kernel)
    
    Although 3 is unlikely to be reached as 2 will already be there.

commit db1e22fe141740bd63fd14106a426f3608a179f2
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri May 20 23:17:52 2011 +1000

    Remove bogus build warning about override ALGs
    
    The warnings about inbuilt DES/AES overriding the cryptoAPI
    versions are wrong.  If cryptoAPI is present with appropriate ALGs
    and openswan support for cryptoapi is compiled in, it will be used
    in preference to builtin ALG's,  but one or the other is chosen,  not some
    blend of both.

commit e509d8f7fa0031488af98161baa16a9ae9d15989
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 19 11:15:43 2011 -0400

    updated changes

commit 8c056194347f9a51955fcf2a63bbc2f15df33d07
Merge: 4faca9f 60f5ff6
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 19 10:11:52 2011 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 60f5ff6d3366eff99c99fe455c18a322daff1719
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu May 19 18:40:32 2011 +1000

    Fixup some of the OCF build support
    
    Add a defconfig and fixup some warnings when building OCF+openswan
    as external modules.

commit adf1c910d0451ac5acfde4b94be5d524ffe5b621
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu May 19 18:39:38 2011 +1000

    Fixup the paths in the default make help target

commit 813cfd330d324bc87b2f0ce7c8116b5b04e1c322
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu May 19 14:38:25 2011 +1000

    Fix oops if packet is received on detached tunnel
    
    If a packet is received while the virtual device is detached from the
    physical device we crash in netif_rx because "skb->dev" is NULL.
    
    To reproduce:
    
    	Start a tunnel then attached to PHYSDEV
    	ifconfig PHYSDEV down
    	Start a flood ping over the tunnel from the other side
    	ifconfig PHYSDEV up
    	crash .....
    
    We only crash after the "up" because the virtual interface comes up at the
    same time,  but we have not been re-attached.

commit fbbd8b242aaedea0a2bccf5e7bc19d2fad4484a9
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu May 19 14:37:16 2011 +1000

    Fix some formatting so you can see the code
    
    Code after a comment is just not easy to see ;-)

commit 4faca9f309d2bc188898e9317c3f7a06ca02e762
Merge: c49bc7b 3fcc338
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 13 18:19:32 2011 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit c49bc7b46f6fb490deb20c7368b0029b683e31ee
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 13 15:51:07 2011 -0400

    Added Cisco IKE Fragmentation vendor id

commit 3fcc3386b196df68c4cbc03034de6e882df50626
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 11 12:52:36 2011 -0400

    updated changes

commit ce8634bec26188f9019164d87796139dc0754e40
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 11 12:50:37 2011 -0400

    cleanup various config-* files. Removed the ones we never tested in years,
    and were mostly identical duplicates anyway. Removed arch specific fedora
    ones. Fixed the #define XXX 0 to be #undef XXX (the OCF and NAT ones)
    Removed CONFIG_KLIPS_REGRESS as it is not used anywhere anymore.

commit e2ecfaf93932e1527f69c34d00f82d174c71ee78
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 11 12:25:10 2011 -0400

    updated changes

commit da08a88da69be759730f0c40ff874bf67771eb65
Author: FURUSO Shinichi <Shinichi.Furuso at jp.sony.com>
Date:   Wed May 11 12:22:46 2011 -0400

    [MAST] refcount bug when using transport mode prevented ipsec.ko unload

commit b59cba64392eae978e794d25b696de6208fddf7c
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 10 16:19:42 2011 -0400

    updated changes

commit da9a995d2bb64fbd38a55a34b0b6e74c0d6ea7e9
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 10 16:19:06 2011 -0400

    Fix a few gcc unused-but-set-variable warnings

commit a1f8bc92ffcf646d65b7706512c65bf7910e06c9
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Apr 29 13:47:44 2011 +1000

    Fix compile warning for ippkttotlen
    
    We don't need a %lu for ippkttotlen,  %u is just fine,  but we do need to
    cast our argument to match on all systems.

commit afc7ef395a92c1c68bdbd66e008f2c633738ce20
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 28 13:13:53 2011 -0400

    fix updown.mast.in - missing fi's

commit 1704d9341b390ff0dae0467acb6cfb2635af1d91
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 28 12:11:01 2011 -0400

    update changes

commit 4c022b29d561ea5570ced021b6ca8d8719c0e0c5
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 28 12:09:27 2011 -0400

    Added PLUTO_CONN_ADDRFAMILY=ipv4|ipv6 to updown.* (to disable SAref on v6)

commit 3b35e50fb869d8743602229b93453372fbcc5a50
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 28 11:42:07 2011 -0400

    the ntohl() call was missing from the previous ipv6 fix

commit e78a7f0d70bc464b551bd4b55092e4684265b7bb
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 26 20:40:02 2011 -0400

    updated changes

commit 6f5770fe3330626c0b5fc0c560355a1e50ce8653
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 26 20:33:35 2011 -0400

    KLIPS IPV6: Fix packet fragmentation.
    
    We were not sending an ICMPV6 because we suppressed sending on icmp,
    meaning ping tests with packet sizes wouldn't trigger any fragmentation.
    
    We were also sending ICMP_DEST_UNREACH instead of ICMPV6_PKT_TOOBIG.
    
    icmpv6_send needed ntohl() over the mtu compared to icmp_send()
    
    It should be safe to send ICMPV6_PKT_TOOBIG, as that packet in itself
    should never be too big.

commit 906372284b1b413836ee50be9271872fb4cc1e4f
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 26 18:28:40 2011 -0400

    Revert 33d6bfe19c6a600a1db7c2af87dc4385515f03aa partially. It did
    not work and caused more problems than it fixed.

commit ccc06d0a5c881db91fb5b239875d7b1e3015d2ad
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 25 19:37:01 2011 -0400

    Fix conn name in ipv6-v6-through-v4-klips-klips

commit 37b36e400ddc9490a69857b839acb3eff5eaa717
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 25 19:35:12 2011 -0400

    Fix conn name for ipv6-v4-through-v6-klips-klips

commit ecd3cc2270761568f4c9a2c7fc29d8de8b729106
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 25 09:37:29 2011 -0400

    ipv6-v6-through-v6-klips-netkey/east.conf needs protostack=netkey

commit 003795a715ee81542af0d03a929a7b2daafb1e16
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 25 09:14:27 2011 -0400

    suppress an error in prepare-client-v6 when a v6 route is not there to
    delete.

commit 60b22e1ef50779b3fe0ddfa84f69419b6f671938
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 25 08:57:32 2011 -0400

    net.ipv4.tcp_syncookies is no longer a kernel sysctl option.

commit 4f6f9645d4c9a154e75614ff523248dee4af3c88
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 25 08:39:54 2011 -0400

    Fix ipv6 6in6 testcases to use westnet-eastnet-6in6 not westnet-eastnet-ipv6,
    which is only the subnet definition. Fix ordering in ipsec.conf.common
    for als= statements

commit e7765bb9c6b8527aee27cc48fa42526acb4588f0
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Apr 24 18:34:06 2011 -0400

    IPv6: updown.klips/mast needed some checks for 0.0.0.0 expanded to ::/0

commit 33d6bfe19c6a600a1db7c2af87dc4385515f03aa
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Apr 24 17:56:19 2011 -0400

    Remove a check for ipv4/ipv6 inconsistency in check_connection_end()
    that would prevent us from doing 6in4 or 4in6. Though oddly, it
    seemed to have never triggered?

commit cdbcfe3bae5d33baf70b37e0c6e790e134c80dd9
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Apr 24 17:04:48 2011 -0400

    updated changes

commit 33e41006df0600d4bc9ab26fe82c287d33fbced1
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Apr 24 17:03:00 2011 -0400

    Remove wrong duplicate define of HAVE_KMEM_CACHE_MACRO for 2.6.22.
    It is set for 2.6.23+. This resolves compiling klips on 2.6.22.14-72.fc6

commit 97cfa6ba11dc6e28c76a3e8001f673cd13c5b996
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 21 23:56:23 2011 -0400

    update ipsec.conf man page with updated connaddrfamily= information.

commit 1f711b281703572b876c01e6256d0c04ceb07bac
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 21 23:42:26 2011 -0400

    Since ipsec.conf.common now loads properly, don't use manual whack
    for the 6in4 4in6 testcases anymore. I left the whack workaround
    in comments, it might be useful.

commit 48fc0537188e817c67d93b227a4019f6d5202e07
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 21 23:33:08 2011 -0400

    Fix confread.c parser to not fail on nexthop= settings with ipv6.
    
    Moved the proper configurations in ipsec.conf.common, which now loads
    with these changes for the 6in4 and 4in6 cases.
    
    This issue is a little tricky. Currently, the parser assumes that
    the family for left,leftnexthop,leftsubnet is always the same. This
    is false for 6in4 and 4in6 tunnels.
    
    I've made the parser more lenient but it might now allow really bogus
    combinations of left=1.2.3.4 and leftnexthop=::1
    
    The problem is that the parser starts in validate_end() with pulling
    the connaddrfamily value and bases all checks off of that. What we will
    need to do is determine the family of (1) left/right/leftnexthop/rightnexthop
    and (2) leftsubnet/rightsubnet and see if the two sets are consistent.
    
    This is somewhat hard due to %defaultroute, %any and vhost/vnet options.
    
    connaddrfamily= as an option is horrible when configuring 4in6 and 6in4.
    Currently, best results are to keep the connaddrfamily= to the family
    of the subnet, and in absence of that, of the left/right

commit 05a4d1b43a0305f1bdcb62a3318f40efe97fed07
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 21 23:24:36 2011 -0400

    Added readwriteconf-24 and readwriteconf-25 test.
    The first one tests for valid ipv6 host,subnet and 6in4 and 4in6
    configurations. The second one is a test that should fail with
    bogus combinations of ipv4 and ipv6.
    (second one might need to be split in different tests)

commit 0982274f7e752942a54216b3616d1ba7580cf70a
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 21 16:29:44 2011 -0400

    added auto=ignore to 4in6 conn

commit 1eaf903840e0d47820a4f86813552a357cd184ed
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 21 16:28:39 2011 -0400

    log my two failed methods for filtering unencrypted pings with netkey.

commit 4151b23d040edef1c5b3a448ed5b923ed132d3ca
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 21 12:50:34 2011 -0400

    The --pfsgroup XXXX option was missing in "whack --help"

commit 04dcd65f8e3696ff354588ab6c135517a09cd4e2
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 19 16:48:57 2011 -0400

    Fix initrd generation for i686 assuming rootfs is an updated Lenny distro

commit 75b69685900246b9960c608fa61d46da4f00de39
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 19 00:28:17 2011 -0400

    Temporary workaround for the parser not understanding if we want to
    do ipv4 tunneling via ipv6 endpoints

commit 3d1c228e9ecf313c55f576f68c137b44a454b214
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 18 22:41:49 2011 -0400

    minor maintenance in BUGS, file should be phased out for bugs.openswan.org

commit 857924f7e7912ac186629133c237907b7dd8ae4b
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 18 22:37:35 2011 -0400

    updated changes

commit e58f9269d472446ff25f9c19d86ffb9ab9058a0f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 18 22:28:57 2011 -0400

    Add ip6tables table and mangle to existing iptables output in ipsec look

commit a6dca2b2ab4ea58f0a617b8ef40ba65865e5041b
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 18 22:27:10 2011 -0400

    Add ip6tables output for regular and mangle tables (there is no nat
    table for ipv6 yet?)

commit 06f50e3526c4a781099ab64d59aa3eb7bbc1da5f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 18 22:20:29 2011 -0400

    Kernels up to 2.6.24 do not have init_net, and ip6_route_output() takes
    only two parameters. Patch by Sony Japan

commit 0ec078b2c3c8a6481c38ce6b3a5fa25296915415
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 18 22:17:56 2011 -0400

    IN6ADDR_ANY_INIT and IN6ADDR_LINKLOCAL_ALLNODES_INIT are not defined on the
    SLES10 kernel when IPv6 is enabled. Patch by Sony Japan

commit 45363a1a95325df22af70bf6012d3965cd37eb14
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 18 22:08:54 2011 -0400

    ipsec_mast_check_outbound_policy() checks each byte of ip6 addr, but
    one of the indexes is wrong. ipsec_rcv.c has the same code.
    Patch by Sony Japan

commit fb4b53d177fe82813a2d573e8d96792f8fa03207
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 18 21:59:24 2011 -0400

    change FreeS/WAN -> Openswan in testing configs

commit baaacdb5fd10c88dcf58b13ea00b4d1a2689ecb0
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 18 21:56:54 2011 -0400

    move west-east-4in6 and west-east-6in4 to ipsec.common

commit e12a0b57cb64a3fb9510a7afec6cc4655e899a7b
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 18 21:53:01 2011 -0400

    removed old copy of testcase

commit bad49d67e17203d8f53594ea4f9956a84a6961f7
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 18 21:21:41 2011 -0400

    Added ipv6-v4-through-v6-klips-klips and ipv6-v6-through-v4-klips-klips tests

commit b1c43bad583e22c361b58e101df99c6669fd7b62
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 18 19:22:51 2011 -0400

    fixup ipv6-v6-through-v6-netkey-netkey similar to the -klips-klips case

commit 4bd481ad73a6bccd65e36981383bd7c812bfb9fc
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 18 19:18:38 2011 -0400

    Add ip xfrm display in "ipsec look" when we detect XFRM support.

commit a2c57a044f4e04b492acdb85de073d1d7ef7d177
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 18 19:12:48 2011 -0400

    fix ipv6-v6-through-v6-klips-klips ping commands. It also will need
    new output (once fixed) for the new "ipsec look" that now also displays
    the ipv6 routing table. This test also needs a fixup to not need ping -I

commit a187576f42d84e3ac36abc6f20483e12b87fafb9
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 18 19:06:20 2011 -0400

    Added NEW_IPSEC_CONN table display to ipsec look
    Added ipv6 route display to ipsec look

commit 8a4f8ec56b1e8e7416abd4c69404891239875a64
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 18 18:35:23 2011 -0400

    Move the wait-until-pluto-started right after pluto starts and before
    trying to send it auto/whack messages.
    Add a ping to the testcase, on purpose without -I sourceip, to show
    this fails because of a missing route in _updown.klips. This needs fixing!

commit 1599bc9959a69df767c2d8b6491198c87663f908
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 18 17:53:13 2011 -0400

    westnet-ipv4 and eastnet-ipv4 were references but not present and
    thus ignored, causing basic-pluto-01 to build a host-host instead of
    a net-net tunnel.
    
    Note that I filed a bug for this: https://gsoc.xelerance.com/issues/1239

commit 88ec140e62101c311e8f7c046d3b4fa258c057b2
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 18 13:26:17 2011 -0400

    Port of David's commit faa0133d 'Fix family check when policies are not set'
    from klips to mast. Patch by Sony Japan.

commit 44c9912f4493d6338d07cdca1d7540c9076f3c8f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 18 13:21:43 2011 -0400

    SLES-10 kernel also needs FLOW_HAS_NO_MARK. Patch by Sony Japan

commit 40c742a290a14051beecb058932879a7770037e1
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 18 13:20:08 2011 -0400

    Missing #ifdef CONFIG_KLIPS_IPV6. Patch by Sony Japan

commit c48b76387849b0b70def1752a83376ce5dffa5c8
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Sun Apr 17 01:13:15 2011 -0700

    Fixed syntax so that if the two variables are not set, they default to false.

commit f478fc51258cd4cda0ea13bea97d017ed3f4c13e
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Sun Apr 17 01:12:03 2011 -0700

    Formatting changes for consistency.
    Bits of code missing fixed up, including a critical missing "then".

commit 7cfd728c39d4bc6d5072449eddcc7dd80915dba1
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Sat Apr 16 23:45:54 2011 -0400

    In lib/libwhack/whacklib.c line 148, the comment is wrong.  19 should
    probably be 28.
    
    in lib/libwhack/whacklib.c, lines 83 through 87 are redundant.  If you
    delete them, then the value for len can replace the use of len and that
    variable can go.  Then the code matches what I wrote.

commit 5690a3c8a2aaeadafcd4b492952f128c48adcea8
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Apr 16 12:51:11 2011 -0400

    updated netkey, plain and swan kernel configs for 2.6.38

commit 4e09a5089ed9fac89e9b4db41a1d6b9ab1f96252
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Apr 16 12:40:26 2011 -0400

    we had removed the building of klips for the swan26 kernel. This
    puts it back in slightly differently, because we now use different
    EXTRA_VERSION strings for modules, so we can install all kernel modules
    in the BASICROOT.

commit 0ec05cb381dd754bd2b2055f7099cb89f967e0e1
Merge: e1a766e e73723c
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 14 22:52:59 2011 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit e73723c6df484c723516a69c2fd6b719ca2851d3
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 14 20:57:18 2011 -0400

    changed NG references to SAREF references. Disabled NATT patch per
    default (as we don't need it since 2.6.22+)
    
    make sarefpatch still needs fixing, as it does not yet look in the
    patches/kernel/saref/ directory for a "best match" to apply.

commit bf0cb0d37f925eedae8e7b4f8d68873725447d43
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 14 20:29:27 2011 -0400

    redo the EXTRAVERSION= check/replace, as somehow in subshell land,
    things caused make to abort with an error with no details on why.

commit 0d6f5bc8568bc81705574378369a92a93263b680
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Apr 15 08:28:31 2011 +1000

    Fix inbound policy --addin, add --replacein
    
    As far as I can tell the --addin option is to set the inbound policy
    for an SA,  but,  we were not setting the flags appropriately.
    Fix this up and also add a replacein option for completeness.
    
    This code is only used when using eroute to configure tunnels rather than
    letting pluto handle it.
    
    Currently the manpage does not document --addin (and now --replacein)
    and needs updating.

commit 5dbbd66f417f4df031a1265a9ec627fe4b987db3
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Apr 15 08:25:13 2011 +1000

    Make sin_family setting the same as addflow
    
    Make sure we are running IPv6 settings if needed.

commit faa0133d785b6f6abdb3c39fde9cf34383d82a07
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Apr 15 08:23:19 2011 +1000

    Fix family check when policies are not set

commit e1a766ea383239971f1bea91df1c580c7eaaad06
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 14 17:56:02 2011 -0400

    remove old cvs id

commit 896c0532d8b43525f7016ece0cc81e0d43cafd9a
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 14 17:55:32 2011 -0400

    prevent double replace within EXTRAVERSION

commit b195c03ff55416f2a1129adfdf762c8911d64c7b
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 14 17:35:26 2011 -0400

    Don't make building swan26 special from the other kernels. This also
    fixes the 'make modules' target for this kernel.

commit cfe35724f9a2f73046bead0ce123a416c9802788
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 14 16:16:05 2011 -0400

    Add netfilter and ipv6 to umlswan.config

commit c510e968f5780b2f97a832e349cf8acded780069
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 14 15:23:21 2011 -0400

    Change utils/make-uml.sh so that "make check" builds kernels with the
    EXTRAVERSION set different for each flavour (plain,klips,netkey).
    
    Also always build modules for these kernels - this is to allow us to
    have things like iptables/ip6tables modules. Since we need different
    modules for different kernels inside the same rootfs, we need to make
    their uname -r different, hence the EXTRAVERSION

commit 60aed5c26cd280c19aadf7ac8e68ec68f1b911ae
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 14 14:53:15 2011 -0400

    Adding a route for ipv6 is "ip -6 route add" not "ip -6 addr add" :P

commit e54c88b51f122a82e8cef39d7c20bfc68bfbb92e
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 14 11:59:33 2011 -0400

    updated changes

commit bca92033da9c27d8bcc709ef777f18d820aa9955
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 12 12:55:22 2011 -0400

    added %v6:fd00::/8,%v6:fe80::/10 to virtual_private

commit 888df9d440898a167f27ed50a2802dca06bfcd4a
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Sat Apr 9 03:16:36 2011 -0700

    This was just the wrong place to put the link.  Now done in the testing script.

commit 4b6906017a77b8532375b7539d25b8c1cbb72bb8
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Sat Apr 9 03:11:45 2011 -0700

    Updated to make the tcl-8.5++ interpreter not fail on old (bad) syntax.

commit 6b54bc9f78910a7aaa2d291c4e1675a3bdb55902
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Sat Apr 9 03:06:20 2011 -0700

    The compile caught a type mismatch for vsnprintf, this change fixes it, but
    not in a typesafe way (I don't see typesafe extensions for *printf...).
    Since the two arguments are now 8 bit, putting them in a "int" should always
    work (unless someone wants to go back to 4 bit computers...).

commit 33e8e9b7bbc85e2f468e746ef05731e3c8db911f
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Sat Apr 9 01:48:45 2011 -0700

    Revert "This was breaking the compiler deeply, was never used, and then only in debug land.  Away it goes."
      This worked for two weeks for me in testing, but now, just after I committed
    it, it fails in a simple "make programs".  I am pulling it out till I know
    why it's failing now.
    
    This reverts commit 40fe9cf2ec2e8f06c092be7c7ca0b1901c81711c.

commit 361ad99643dc8eb8d3c04bc9e1aeb54407750cca
Merge: 06d065c 3b1ae5d
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Sat Apr 9 01:30:40 2011 -0700

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 3b1ae5de130e68d7e4ed467be375ccc57d7f9ff4
Merge: 40fe9cf 982a9fe
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Sat Apr 9 01:28:53 2011 -0700

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 40fe9cf2ec2e8f06c092be7c7ca0b1901c81711c
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Sat Apr 9 01:20:42 2011 -0700

    This was breaking the compiler deeply, was never used, and then only in debug land.  Away it goes.
    The oswlog.h file had what seemed to be a related type-o (double cut&paste error),

commit 06d065c04b6dfca9918433887beb439323fcc8c1
Merge: c191418 982a9fe
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Wed Apr 6 19:21:05 2011 -0700

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 982a9fe786f2575e288d327bf2e4242b3cbacea1
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 6 20:51:51 2011 -0400

    add ipv6 netkey related modules in umlnetkey26.config

commit c191418dadbd220f9aa71f8b696a6e8db5e8b3ca
Merge: 819b780 671314a
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Wed Apr 6 16:25:16 2011 -0700

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 671314a3d61846cc2b4344e5b0b47383e025095b
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 6 17:50:31 2011 -0400

    Fix the generation of start-netkey.sh with fixes similar to start.sh
    that can start the modern uml kernel.

commit c7647680ce7228567974dfe73469ce550b5607c7
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 6 13:02:24 2011 -0400

    split the ipv6 testcase into 3 to test klips-klips, klips-netkey and netkey-netkey

commit bb17f0aeb98c3fb619d618b632484741833b80db
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 6 12:34:53 2011 -0400

    fix netmask in westnet-eastnet-ipv6 connection (should be /64 not /48)

commit f1eea399eea72bf39d0bd527aa6080bcd969a599
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 6 12:07:25 2011 -0400

    subnets cannot be included via also= as this gives either a [non-ipv6
    address may not contain `:'] or a duplicate key 'connaddrfamily' error
    So these are now hardcoded in westnet-eastnet-ipv6

commit 3ef2aa94076172622801b09acbaa42956e564488
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 6 11:29:20 2011 -0400

    Re-enable ipv6 autoconf inside the umls, but disable IPv6 DAD because
    the mcast uml interfaces hear themselves back and then fail to use IPv6.
    
    Using the sysctl "all" and "default" is not enough. It has to be
    explicitly run for lo, eth0, eth1 and eth2

commit 819b780f734cec6b9794de23bfa59f141e35cacf
Merge: 834c479 f6cdca3
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Wed Apr 6 06:08:37 2011 -0700

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit f6cdca374a27d0a6b18dedfd5ee0be03b73c7209
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 5 12:17:05 2011 -0400

    Fix all uml hosts to have "auto lo" and an inet6 entry in the interfaces
    file for ipv6

commit 2983bd302b2e4ce373c7f5caed277a3fbb8cba17
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 5 10:28:15 2011 -0400

    runme.sh expected to use . in PATH to execute testparams.sh

commit 2b2b16f559228bc6b0300cb5b7e5228f844920f2
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 5 09:57:41 2011 -0400

    Fix pem.c password prompt 'format not a string literal' errors

commit 834c479d273b104aee6fa11735db7383041599d9
Merge: 2c0192b c3569d5
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Mon Apr 4 18:54:02 2011 -0700

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit c3569d5dd35c11dfb244e49062b0adedeb9a2bb7
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 4 19:52:01 2011 -0400

    add ipv6 to uml kernels

commit 2c0192b10ef2b6ac627145a606e701f2202f9755
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Mon Apr 4 16:34:13 2011 -0700

    Generates a symlink for index.html presentation.
    The echo should be silent, not hidden.

commit 6352a627ad1c2748b8ca766cfd5143125f11923c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 4 19:18:55 2011 -0400

    Added ipv6-v6-through-v6, ipv6-v6-through-v4

commit 7f65d1ac1cdd51cb152d76eb64cb0044a4f20e6b
Merge: f12339d a3b875e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 4 17:32:38 2011 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit f12339ded65ee67b116562e98ea6903fff2ee52e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 4 17:29:41 2011 -0400

    updated ipsec.conf.common to have ipv4/ipv6 versions of westnet-eastnet.
    The names are conn westnet-eastnet-ipv[46] though I added the alias for
    conn westnet-eastnet to point to the ipv4 conn.
    
    Also updated ipv6-basic-pluto-01

commit a3b875e5080e8030dc8acefd06cff04d889dab45
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Mon Apr 4 14:24:07 2011 -0700

    Fixed calling deeper makefiles to work better, pass args/results up/down.

commit 1679bc5678e475e28b5af8f84cd8d13a85e3e79e
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Mon Apr 4 14:23:06 2011 -0700

    Turned off pfkey testing for now as it was broken.
    Fixed calling deeper makefiles to work better, pass args/results up/down.

commit c83c2e819308409794a8b9f8d267c6a1c2bc40dc
Merge: 4de879a 35c3bda
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Mon Apr 4 14:20:08 2011 -0700

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit d35eb7e894939b1f8cd09ebbb8b054b7216b0aed
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 4 17:12:13 2011 -0400

    Added IPv6 /48 networks to nic, west and east based on RFC3849 example
    space.  I tried to make a logical mapping based on the existing ipv4.

commit 4de879aaddb0690e9077881776a5de7500798e32
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Mon Apr 4 14:09:03 2011 -0700

    Fixed calling deeper makefiles to work better, pass args/results up/down.
    Added an end of target tag so we can tell it finished.

commit feec0c73728624cb78264695d7f485b09f3ebd32
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 4 17:06:59 2011 -0400

    Fix openwrt example build line in Makefile (lingering commit)

commit 4012e82e080aec871469fd03eca92893c0c4282d
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 4 14:02:38 2011 -0400

    added ipv6 sysctl.conf parameters

commit 35c3bda0d978bf120c1f9fb026e6243efae3af02
Merge: d3a1fba 54d863a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 4 12:44:17 2011 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit d3a1fba08ba6914dc59dde9829876a9a4f7be1b8
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 4 12:43:52 2011 -0400

    updated --use-* options in man page for pluto

commit 54d863abfe3ba0c8817a3a1c387e45f048c1cfb0
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Apr 3 16:28:30 2011 +0200

    Use protocol values from netinet/in.h instead of hard-coded values

commit 58202792882e2c010517b788e0e689ecb9163d50
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Sun Apr 3 16:24:55 2011 +0200

    Fix duplicate defines for various encapsulation modes (pluto vs ietf constants)
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 3d5bbbe32241fb01d4c48bc03e239a63002c498c
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Sun Apr 3 16:14:50 2011 +0200

    IKEv1-cisco-xauth issue: While testing ipsec connection with cisco vpn,
    it seems that cisco assumes that no xauth and modecfg should be done
    during rekey. The changes are under "remote_peer_type=cisco" so should
    not affect other stuff.
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit bbc4cf78426b1cbc462ec99b89d254e7942738f3
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Sun Apr 3 16:04:18 2011 +0200

    Openswan (IKEv2/IKEv1) icmp issue (redhat bz 681974):
    
    It seems that Openswan does not have explicit support for processing
    icmp traffic as specified in RFCs 4301/5996. Although IKEv1 (RFC 2409)
    does not state explicitly about icmp, but this seems relevant to IKEv1
    too. For some background, as per RFC 4301/5996, icmp type is put in the
    most significant 8 bits and icmp code is in the least significant 8 bits
    of port field. Although Openswan does not have any configuration options
    for icmp type/code values, it is possible to specify icmp type and code
    using protoport option. For example, icmp echo request (type 8/code 0)
    needs to be encoded as 0x0800 in the port field and can be specified
    as left/rightprotoport=icmp/2048.
    
    Now with NETKEY, icmp type and code need to be passed as source and
    destination ports, respectively. Therefore, code in the attached patch
    (openswan-icmp-processing.patch) extracts upper 8 bits and lower
    8 bits and puts into source and destination ports before passing to
    NETKEY. I have put this explanation in the patch too for better clarity.
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>
    
    (This needs a new test case for both KLIPS and NETKEY)

commit da6f8b1a25adce1045227b08dd42d4bff7b638a0
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Sun Apr 3 15:55:00 2011 +0200

    IKEv2 hard-coded port issues: In the IKEv2 code, port range was always
    hardcoded to 0-65535 regardless of local policy. The attached patch
    (ikev2-hardcoded-ports.patch) fixes this.
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit ad0f150107235ee4e93a1f2487c19af64ec8c0dd
Merge: d414f82 3de2f1e
Author: Simon Deziel <simon at xelerance.com>
Date:   Fri Apr 1 08:51:02 2011 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 3de2f1e552daebae4eccb8242ae31919255a41f4
Merge: ef9a7b2 1ac4cf6
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Fri Apr 1 03:39:20 2011 -0700

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit ef9a7b241e13ce9a0b6eef6b32672c337186eb55
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Thu Mar 31 09:33:18 2011 -0700

    Changed how WERROR is defined, letting a make/script from above supersede the definition here.

commit d414f823950c7fc7f4719c9e968345afd9d4d1ea
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Mar 31 10:13:27 2011 -0400

    Remove useless define (already commented out).

commit 1ac4cf62738398b4d8c200658cb60dd867e5b51f
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Mar 31 10:04:50 2011 -0400

    Replace "source" by "." as the first one is a bashism.

commit d214f62ed49de2dfe92a15f7054c8b6439318e7b
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Mar 31 14:29:20 2011 +1000

    Fix oops on module unload with mast in use
    
    Code was calling ipsec_dev_put twice on the same pointer.

commit fb5d7aa6720b1d9746e4f82c646f4484d83e4b62
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 22 02:29:46 2011 -0400

    Fix the paths for REF_WEST_FILTER in the ikev2 test cases.

commit 31b540025b7dfb82aef9281e1f82a06f395c2c3e
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 22 02:25:21 2011 -0400

    Remove all obsolete debian etc/network/options files and add one
    unified /etc/sysctl.conf with the right settings into the baseconfig
    for all.

commit 828fde19ca65c2044d0e906c905736ef08a7a5be
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 22 02:15:32 2011 -0400

    fix typos in westnet-eastnet testcase base config

commit 8208baaea05d6b933f9678e7793c132be15d2c43
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 22 01:49:42 2011 -0400

    Include stdlib.h when building for userland to avoid a warning about
    main() being different from the builtin.

commit b17b6866188d775f868a7893b863da8d60d77889
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 22 01:49:07 2011 -0400

    Do not define YY_NO_INPUT in parser.l. It is not used and failed -Werror,
    as the comment above it states :P

commit 8dd9d10f7033b27cef78448470df55420e967dc5
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Mon Mar 21 22:40:56 2011 -0700

    Fixed the casts, compiles.

commit d837a4aafe4d81dfa8515b47a32c45f5d5341694
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 22 01:13:29 2011 -0400

    Update the pcr_init() function in testing/lib/libpluto/seam_crypt.c

commit 3f1fb6967f820200156001c657d6368ab8406e00
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 22 01:03:09 2011 -0400

    Fix prototype mismatch for initiate_ondemand() between connections.h
    and whackmsgtestlib.c

commit 9409e1cc7f664db6f3bbb5c2b3e81735c47b7562
Author: Hugh Daniel <hugh at xelerance.com>
Date:   Mon Mar 21 19:30:57 2011 -0700

    Fixes the script so it _can_ run (adds ./ twice).

commit cf650e670bd7f0fdac7022e3be337aadfd3226cd
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 21 22:25:31 2011 -0400

    Fix all the REF_CONSOLE_FIXUPS= arguments to have spaces at the end
    when they are added using "+".

commit 6aac7c68e80d86d4c2e4d8ee69935cd8f9750935
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 21 21:44:28 2011 -0400

    Fix the testcases to properly use ../../klips/fixups/no-arp-pcap2.pl where
    they had specified it without full path (which failed because "." is no
    longer in the path)

commit 95aa2a105b2c8600ec231a39d82f12644382196a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 21 21:41:48 2011 -0400

    Added leftsourceip/rightsourceip in the base config for westnet-eastnet.
    As far as I know, this is needed. *swan in the old days might have added
    the route automatically (eg in 2.4.x) but we control this now via the
    sourceip options - for both netkey and klips. this suppresses the routes
    when done on netkey.

commit c02851a76db64d9baef4e9f4a6daf3d00d6ae7f2
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 21 03:43:59 2011 -0400

    use LOGDROP to doubly make sure at the end of the test when we check
    the kernel logs, we see the packets filtered.

commit 67ac4aa2a2c78657fb69056104bd460c18e5bf05
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 21 03:41:50 2011 -0400

    ensure the root-XX runs a sysctl -p, our lenny based root-36 did not,
    breaking forwarding.
    
    Initialise a LOGDROP table for use in tests

commit d2feb2544583b683848afe1c0dd1b699a2830df9
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 21 03:17:40 2011 -0400

    Fix login prompt in loginuml. This was temporarily set to
    "maintenance mode" as that is what the root-36 was doing to us.
    Now that is fixed in the rootfs/starting code, we can go back to
    the regular login prompt. However the old commented out one also
    does not appear anywhere, so we changed it to the new one, which
    is simply "login:". This is confirmed working.

commit 3682af5b53dc86cb98c9c9fdadb908a110ecd151
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 21 01:26:58 2011 -0400

    Add protostack=klips to basic-pluto-01 test

commit ec54dd0aafe35baba1d5a377dbe58c5675104b35
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 21 00:49:19 2011 -0400

    Set protostack=klips in the baseconfigs for our test cases, so we
    don't start with the mast stack (which we are not supposed to auto-pick,
    but we do at this point)

commit 036e3344d7e523ff7c37aec51b5cb62612793fb9
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 21 00:37:12 2011 -0400

    updated changes

commit 8c67543eafc8f12f1bc5ea30072da6cbd0720bea
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Sat Mar 19 14:02:31 2011 +1000

    AUTOCONF_INCLUDED not defined by linux-2.6.38
    
    One choice is to check the kernel version,  and this commit uses that
    to decode what can/can't be included.

commit 3d1a918cc4bc09e9f2c5cd29e27ddf13c9d20294
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Sat Mar 19 12:20:30 2011 +1000

    Fix typo in comment

commit 6e3b071b5dda2d833ff05f00e09b0837cbed6f74
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Mar 18 19:36:34 2011 +1000

    Improve build speed, calculate version once
    
    Build time on a core2 duo reduced from 5m20s to 7s by only loading the
    version once (when build within a git tree).

commit ccfb191add71510b43078263fcab24e51abc2e19
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Mar 10 17:55:05 2011 +0200

    update CHANGES

commit b646bfd95ce3841d0a28c2737087a64f2d5b0728
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Mar 10 17:48:40 2011 +0200

    add dpd to l2tp sample configs

commit 74efbe733b221781e57964819d7388dbd7011f9c
Merge: 4fe05bb ddaafbc
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 8 23:48:32 2011 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 4fe05bbd642d83898953c24037978fa0abc334db
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 8 23:01:24 2011 -0500

    Added example on openwrt call to build proper KLIPS with OCF.
    openwrt versions of config-all.h and defconfig to use with
    MODULE_DEF_INCLUDE= and MODULE_DEFCONFIG= included in packaging/openwrt/

commit d9904e1518713efeb78fbeeea406f880f8e4e00a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 8 22:36:52 2011 -0500

    added commented out entry for plutostderrlog=/null

commit ddaafbc53f521fc6d32341f22a9fa54e0bc3fbb6
Merge: 49e655d 011df14
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Tue Mar 8 20:07:31 2011 +0100

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 49e655d93fc106424c8fd80a4ce0c8937b1f8bac
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Tue Mar 8 20:06:13 2011 +0100

    fix various occurrences of "/usr/local" paths in documentation

commit 011df14e66062085a2f3affa5f9abce6805b1307
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Mar 7 09:58:53 2011 -0500

    Import OpenWRT packaging updates from OpenWRT

commit 17806c2719e8b1ea9731f2f73ddb694457707da5
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Mar 7 09:24:41 2011 +0200

    Re-fix compile without USE_EXTRACRYPTO by compiling libsha2 by default

commit d735e448a034f39bdd1c2cb7a17e127bf89a0ab2
Merge: fbad5ac e089d54
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 1 20:14:06 2011 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit fbad5acc3d213545e13151f5433d7fe476c6377a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 1 20:12:50 2011 -0500

    added patch for 2.4.37.9 to make openswan-2.6.33 work.
    Patch by Yannick Koehler <yannick at koehler.name>

commit e089d5425e9fb27748e75e5884a451b5b74e3845
Merge: 5ca5859 078cffe
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Mar 2 00:24:19 2011 +0100

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 5ca5859a0e1f8261308b9256758c36d92cc2432d
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Mar 2 00:23:47 2011 +0100

    fix manpage installation name

commit 078cffeae1164d8533996f990fd844a0f2c07bc4
Merge: ebb2b87 a28e1df
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 1 12:30:47 2011 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit ebb2b87937994fa0f6c2d0b01a485cef8a565241
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 1 12:29:56 2011 -0500

    updated changes

commit e73e3ce38c6b5a3d644c05c0ba904adc2ac33978
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 1 12:28:16 2011 -0500

    The new mtu= option did not yet get passed via fmt_common_shell_out().
    Patch by Mattias Walstrom <lazzer at vmlinux.org>

commit a28e1df133702ca33f55be17823c418d5812dfe3
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Sun Feb 27 23:38:49 2011 +0100

    small spelling fix

commit aefbf0e508ff6c1b002e734dd1496a2fca6a1572
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Wed Feb 23 11:31:59 2011 +1000

    Fix warning for 32 and 64 bits systems
    
    For whatever reasons the 32 bit x86 compilers are complaining about
    the format/arg sizes now.  Force it to be unsigned int so that all
    targets get it right.

commit 4ef946a66a5d558403d6f51ba36f4a8ac993608d
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Feb 22 10:39:50 2011 +0200

    update CHANGES

commit bc4f646e1e1461d6d55f2e222b613a91abb1d505
Merge: a52f310 9364069
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Feb 22 10:37:18 2011 +0200

    Merge branch 'master' of vault.xelerance.com:/xelerance/MASTER/git-master/openswan

commit 93640690f8a1753a8a9bac721732bc99926efb67
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Feb 22 10:36:23 2011 +0200

    CHANGES: add release date from announcement email

commit a52f310717affad87a777d9b7d637e20075456d9
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Feb 22 10:13:48 2011 +0200

    fix compile without USE_EXTRACRYPTO by compiling libsha2 by default

commit 381894cf80f935baa1086d40f648ea835ea75e59
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 21 13:25:52 2011 -0500

    updated changes

commit 7a4f8a707aa009dad30fb34b0f063dccc31ce137
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 21 13:23:29 2011 -0500

    updated changes

commit e7f1fc658d11a19af9f96886ef62c5c888aae337
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Mon Feb 21 10:56:33 2011 +1000

    Don't use ixs until it's been validated

commit e737f135957b6c0b738ba06cd6d49674106abbaa
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Mon Feb 21 09:44:43 2011 +1000

    Do not access ixs->dev after we have freed ixs

commit 44062156ad52c1444fdc8fbc480fefd451de5fa0
Merge: 8471da9 8f759e6
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Mon Feb 21 09:42:24 2011 +1000

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 8f759e6bfb021cdf24155dd01cbe3188b8097858
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 18 12:37:28 2011 -0500

    fix dumpdir to point to proper place (/var/run/pluto, not /var/run/ipsec)

commit 0ba0c64c3e10b5e83a5b35e5627e00ab702cb5cf
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 17 23:34:53 2011 -0500

    KLIPS: log success of klips26_rcv_encap registering with the kernel

commit fb5c45ebe13c2a616f17493bb04791013be36e4d
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 17 21:49:13 2011 -0500

    OCF: Fix gcc warning for ntohs(osw_ip6_hdr[...]) casting in ipsec_ocf_xmit_cb()

commit ba4158320e37cdb77be4f0a105fd62e592d7c24f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 17 21:08:36 2011 -0500

    OCF: updated version of ocf-compat.h

commit 19f516397a3ab95e98b97f139219d69fa1303216
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 15 16:55:43 2011 -0500

    updated changes

commit dbf06100cc605c0037b5ca2a1d74a69f20db8f93
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 15 16:54:10 2011 -0500

    KLIPS: arp_broken_ops is no longer exported in 2.6.37+ [Paul]
    
    I don't think we actually depend on this - we might be able to
    just take out ipsec_tunnel_neigh_setup() completely?

commit b599fbbd13d2cecbfa50bd69a0fc122abd59b710
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 15 15:08:03 2011 -0500

    renames of docs

commit 772d8464fd3132320d91a1fc9cfffc063f134e8e
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 15 15:07:17 2011 -0500

    more doc cleanup

commit d90db0f0a4a6854104805e50ecf7dc472611a8a9
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 15 15:05:56 2011 -0500

    removed two more old drafts

commit 8471da9a772996304bd1a51936990cad86b65ad4
Merge: 55c3af8 66d5fe4
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Tue Feb 15 12:57:42 2011 +1000

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 66d5fe41a85ccd82cc9acf20866a66e446bdc0b6
Merge: 9496d7c 54da8db
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 14 21:15:26 2011 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 9496d7cca57a2418ba9b9721f0e64720cf30180a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 14 21:14:54 2011 -0500

    updated changes

commit 0d48b5d2cae09d040b5775bf79bbafce364fa54c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 14 21:13:54 2011 -0500

    updated changes

commit 52de55dcacf746c06cd1c191b407da23db9645aa
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 14 21:13:07 2011 -0500

    MAST: increase traffic counters for mast0 [David]

commit 54da8db16769e96df08ee2312b3fe3793e14c5ba
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Feb 14 21:44:01 2011 +0200

    use PLUTO_MTU and _PLUTO_METRIC in _updown.netkey and _updown.klips

commit a760df581c7e8153d9ba143639f75b3ac8060726
Author: root <root at bofh.xelerance.com>
Date:   Sun Feb 13 20:46:06 2011 -0500

    Clarified --ikeport (and mislabeled --port option)

commit 55c3af8ffca0113971aac4da440de61befe0a71e
Merge: 7aaa81a da21a44
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Mon Feb 14 08:11:43 2011 +1000

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit da21a44ee33a45cad82763fcc43d3b2c5a93c4b0
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 13 11:56:08 2011 -0500

    missing #endif

commit ce611166e3c2e98a67abe198fd869eec3bc3e60f
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Feb 12 14:07:36 2011 -0500

    updated changes

commit 7a057c0be84b14e7b530a3dc316dd8e051b95bc2
Author: Wolfgang Nothdurft <wolfgang at linogate.de>
Date:   Sat Feb 12 14:05:28 2011 -0500

    Fix for: xl2tpd[4229]: control_finish: Peer requested tunnel 21 twice, ignoring second one.
    
    See http://lists.openswan.org/pipermail/users/2011-January/019978.html
    
    The iPhone/MacOS clients propose to be natted, but didn't send a NAT-OA. The
    client sends the l2tp packets with the public ip through the tunnel and
    therefore the answer packets were routed over the default gateway.
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>
    
    This is bug #1204

commit 5816037d7ed728fa898ce03d802abd9cc4c58224
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Feb 12 13:43:56 2011 -0500

    updated changes

commit b35882771669113693a26f098b6cb2a1aeffb9cb
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Feb 12 13:41:31 2011 -0500

    Avoid conflict with _res macro in uClibc-0.9.31. Patch by mb at openwrt

commit 7091b70859804e930eb132ee2dbdb48f073785b2
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 11 18:29:44 2011 -0500

    updated changes

commit 18e502b5f1a661031646708435969209cf6dca1b
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 11 18:28:57 2011 -0500

    phased out doc.old.freeswan

commit b591598bac9de2ccc63a18b84a9e6c216cc1e986
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 11 18:09:54 2011 -0500

    updated rfc.txt

commit 84408d477098b2e3d6141c98490ea06535d66e11
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 11 17:54:20 2011 -0500

    updated changes

commit 6587857d59bfb877855afee72f0b150eed0643d2
Author: Anthony Tong <atong at TrustedCS.com>
Date:   Fri Feb 11 17:35:08 2011 -0500

    search the pending list for the connections host pair in add_pending()
    and not proceed with the queuing if a phase2 request already exists.
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 4a6ca4eb77343d9f5f00786fd401909279433120
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 11 16:30:57 2011 -0500

    Second part of mtu= per conn commit

commit 17c52678e51a67c611ada25d6f15ce0c52dbf6ea
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 11 16:29:54 2011 -0500

    updated changes

commit b22a56fc18e653b2589aec0204bcb4ed577ad86a
Author: Mattias Walström <lazzer at vmlinux.org>
Date:   Fri Feb 11 16:28:26 2011 -0500

    This is to solve issue #1201 (dpd + ddns does not work), the entry
    conn->dnshostname is used throughout the system but it never will
    be set if using addconn to add the tunnel. This patch will make sure
    that variable is sent in the whack message if the user has entered
    a domainname.
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 49c1ef7ee2e9fd0f31e788decd40fdfb8abedc28
Merge: 7399df4 486584c
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 11 16:25:47 2011 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 7399df48e4f8c42f792f5a9ca8ece4a8b975acf2
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 11 16:25:24 2011 -0500

    updated changes

commit 0b51b0c52460b0da9783be8c1ddd50ec3b9f4b9e
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 11 15:40:48 2011 -0500

    Added connection keyword mtu= to set the mtu on a per-tunnel basis.
    
    This sets PLUTO_MTU= which is used in the _updown scripts.

commit 486584cc3fd27cd900984ed8c850ea9bb9734463
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 10 10:08:36 2011 -0500

    check for /proc/sys/net/core/xfrm_larval_drop in ipsec verify
    
    If this value is set to 0, this causes the connect() to return immediately
    on a non-blocking socket with an appropriate POSIX compliant errno.
    This param has been set to value 1 by default in RHEL 6.0, but not in
    RHEL 5.x.  -- Deepak Gupta

commit 7aaa81a1211f5bcb6fd240d0faf72cc59184640b
Merge: fe539ff 388f2c0
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Feb 10 08:10:04 2011 +1000

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 388f2c0b0ca4944d87710ea582dbce01226433fd
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 9 16:00:46 2011 -0500

    updated changes

commit c01dd99a3a06bd487984625ce8097a9b9422d6dc
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 9 16:00:04 2011 -0500

    enable dumpdir= in stock ipsec.conf for use with abrtd

commit b5c2251519182e84b9ef26e951a841eb75d0c806
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 9 14:28:08 2011 -0500

    Fix the DISABLE_UDP_CHECKSUM code segment added recently.

commit 39b862c4ca58250ec8f43865ead54c927fe7d7f9
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 9 14:23:15 2011 -0500

    ippkttotlen should be unsigned long, not int

commit df348984bed173bf2d5156e8d9b810c71f69e301
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 9 13:24:55 2011 -0500

    updated changes

commit aa83b7d56512d57d792023a80153a875d309fe83
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 9 13:24:15 2011 -0500

    Add aesni_intel to the crypto module list we try to insert in the kernel.

commit 577ee1d625d3a9487eeea05ee0afcc62b72b0127
Merge: 91ba69c bb1b51e
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 9 13:06:04 2011 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 91ba69c98bceec43b3c1c412ac8ee97023677c5f
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 9 13:05:37 2011 -0500

    update changes

commit 15b824df3176ec24cdc296ee06e638963bcc3426
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Wed Feb 9 13:04:08 2011 -0500

    KLIPS: Add a new option to override the replay window via /sys
    (echo 0 > /sys/module/ipsec/parameters/ipsec_replaywin_override)

commit bb1b51ed2d0ac68fb7aaca426ce4ec3515fd323a
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Feb 9 18:56:01 2011 +0200

    copy _updown.klips addsource fix to _updown.mast

commit 12be19ca46fca88d3bdb514073337ef2aad871f5
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Feb 9 11:27:22 2011 +0200

    update CHANGES

commit e751404fe22ec55eecb9d2acb879e3b1bb789501
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Feb 9 11:24:16 2011 +0200

    Fix addsource to always use /32 netmask. This is bug #1199.

commit fe539ffcac8e07f7bd4d151c01677db2d4ce03b6
Merge: 171bf97 0ea158b
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Wed Feb 9 17:56:10 2011 +1000

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 0ea158bb37bb6659ae46e4a575185687a15c4fef
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 8 22:15:51 2011 -0500

    update changes

commit 6c55c133ce7653a9e3954384c7f821c5fba8373e
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 8 22:14:21 2011 -0500

    Move SHA2 to the basic build, so people who want just sha2 but
    not blowfish/twofish/serpent can disable USE_EXTRACRYPTO

commit 46764d515d8d6224e593d119f6a1dcd6b56ee3c9
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 8 20:23:54 2011 -0500

    updated changes

commit bcbab4db0b642596db19e714af3ecad208a6042f
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 8 20:22:17 2011 -0500

    Use ipsec addconn (--configsetup and --checkconfig) in "ipsec verify"
    
    This will now show syntax errors in the config. It also removes a bunch
    of yucky perl

commit 62d16893176b4d6421c52ac1bb9bc45cd058c548
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 8 19:53:51 2011 -0500

    - %ghost the rundir as per https://bugzilla.redhat.com/show_bug.cgi?id=656649
    - removed very incomplete changelog in spec file

commit ff929c1146f275ebc05e613762547cb6d9ab1837
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 7 11:47:27 2011 -0500

    Added labelled networking with selinux patch in contrib with note.

commit 171bf972d01de987e4458928332015ecb6a9a215
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Sat Jan 29 12:32:38 2011 +1000

    Fix compilation with DISABLE_UDP_CHECKSUM enabled
    
    Some old patch which is not IPv6ified yet :-)

commit 30669e08b91b8d318a4cbd87f5b37129bbd873cc
Author: Tom Rini <tom_rini at mentor.com>
Date:   Thu Jan 27 13:20:02 2011 -0500

    Fix for parallel build race condition in lib/libipsecconf/parser*
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 6e11c70d572d3ddbc91e25e3287b09f4a2857d55
Author: Greg Ungerer <greg_ungerer at mcafee.com>
Date:   Thu Jan 27 10:59:21 2011 +1000

    Removed the printing of the net_device "refcnt"
    
    Removed the printing of the net_device "refcnt" when unregistering the
    device. From linux-2.6.37 the field is not an atomic, its type has changed
    to a __percpu pointer, and name changed to pcpu_refcnt.
    
    The display looked only to be informational trace (of questionable value).

commit c0eb23ea05c551003d7075482f6e1694ba731d1f
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Jan 19 08:41:55 2011 +0200

    Cleanup CHANGES.

commit f34fe62d433181d84459683098e74ca7c1ade2b7
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 18 18:46:13 2011 -0500

    fixes to man page

commit 1da2ae7221bff11bba375f4a4996f94b2384f112
Author: Simon Deziel <simon at xelerance.com>
Date:   Fri Jan 14 19:54:52 2011 -0500

    Fix a small typo in a man page.

commit 5a1ed9c4ff78c3f36c092a8d3f871a1e8a1726fa
Merge: f7a0c2f b3c589b
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jan 14 19:49:58 2011 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit f7a0c2f756bdb109c210bbe06d212d69d0246623
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jan 14 13:23:06 2011 -0500

    Clarified vhost/vnet in the leftsubnet/virtual_private man pages.

commit b3c589bb4bf02cc4a3e005d9cebaa18be8467d24
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jan 13 16:39:24 2011 -0500

    added clarifying comment on udp nat-oa from mcr

commit f6c2f2f740cee0a18ca5df77a38aecb3bb23594f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jan 13 15:14:03 2011 -0500

    typo in parameter

commit 43f24195d40b364c60916f36b682b1842ba87abf
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jan 13 14:29:29 2011 -0500

    update changes

commit 943d92b2efe6972b8251d6b1d181f406f7775fa2
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jan 13 14:27:30 2011 -0500

    OCF: Fix OCF tuning with klips module

commit cccee079e48d50a9fc3d3cff49f4a710a766d7b3
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jan 12 11:41:28 2011 -0500

    Added -DDISABLE_UDP_CHECKSUM to KLIPS compile for bug #601

commit e008fac6f5ae2c1c96e959d32fbd61fc43fe442d
Author: Wolfgang Nothdurft <wolfgang at linogate.de>
Date:   Wed Jan 12 11:39:39 2011 -0500

    When OpenSWAN 2.4.5rc6 with KLIPS is used in transport mode for IPSec/L2TP
    connections and both sides are NATted, the UDP checksum created by NAT-OA
    in KLIPS seems to be bad. The packets on ipsec0 have bad checksums and,
    consequently, are dropped by the kernel. If I deactivate the checksum
    rewriting, i.e. set the checksum to 0, everything works great. Thus,
    it seems that the rewritten checksum is the problem and that the
    packets themselves are ok. When only one side is NATted, the problem
    does not occur - the checksums are correct. The behaviour is the same
    for OpenSWAN 2.4.4.
    
    Is this an error in KLIPS / NAT-OA? Is it safe to disable the checksum?
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 98115889127b61c62c80de5cf6287fc9e49cb6d7
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 11 23:06:09 2011 -0500

    update changes

commit 60400ecd5383ae3f70c271f9b8ee5d6bfd08daf5
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Tue Jan 11 23:04:51 2011 -0500

    bz#659709, bz#641068: Currently, openswan does not send a signal to
    NetworkManager, when a connection (configured through NM) gets terminated
    and failed.  If NM does not receive any signal, it can not clear its
    openswan connections. The patch to address this issue sends a disconnect
    signal over dbus to inform NM, whenever a NM-configured connection does
    not get established (may be for several reasons), or gets terminated by
    other means (not through NM).
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit d0ef2a2049e2a9449bf753160ed19610f0df9cfd
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Tue Jan 11 22:53:28 2011 -0500

    bz#658253: This issue is related to openswan interop with Cisco. Currently
    during rekey of phase 2, some ipsec policies are getting deleted, which
    caused connection not working during dhcp renew. The patch is only
    applicable when remote_peer_type=cisco is set, and makes sure that the
    policies are not deleted.
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>
    
    Note: I'm not sure if this is the proper long term fix. We should find
    out why some policies are not deleted (or why they are in the way)

commit f4bf79e43557a9ae61f26ec09b046e9c91b6ab4f
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 11 22:30:35 2011 -0500

    Added "-Wl,-z,relro" to USERLINK (if unset, similar to USERCOMPILE)
    See red hat bugzilla 642722

commit fbc66c592d8a509654debd9878d1eeb2d9ed4067
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 11 22:23:31 2011 -0500

    Don't err (red) but ok (green) the NAT check in ipsec verify if there
    is no NAT

commit 0f90e7bdad784b2b8c6aa8658143c7d60fc83c04
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 11 22:15:03 2011 -0500

    Fix ocf/crypto module param checks in _startklips.in from previous
    commit.

commit a82b7fb033f940c47fbda596c7d0d2a938ab6857
Author: Simon Deziel <simon at xelerance.com>
Date:   Tue Jan 11 10:52:50 2011 -0500

    Fix _startklips when no OCF module is present. Thanks to Ruben Laban.

commit dca081b232e63bccf16d6e103780c4dacf028c86
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Jan 10 22:25:49 2011 -0500

    Fix erroneous commit 725104043a9f173338e8fb296ec522d96c9ab26b.

commit be67320488530c32b02a69685db9834f6245c8e2
Merge: 7cc0139 e9c5aa6
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Jan 10 21:59:26 2011 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 7cc01394f30c8c04d9f6bdad09940c7682211203
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Jan 10 21:58:35 2011 -0500

    Remove doc/ from Debian package. Thanks to Ruben Laban.

commit 725104043a9f173338e8fb296ec522d96c9ab26b
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Jan 10 21:13:34 2011 -0500

    Have the stable DKMS modules version number supersede the dr and rc ones when evaluated by dpkg.

commit e9c5aa60245c633a1cecdd199dc65d852df54f38
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 10 20:57:27 2011 -0500

    updated changes

commit e526a0647cce87abd31b0b9955a2f19e76279cef
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 10 20:56:19 2011 -0500

    OCF: Set the OCF queues to 10000 when 256MB+ RAM and 1000+ bogomips

commit 615345fd64f0ea35b8a990c1058a649c3bc2315e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 10 20:16:51 2011 -0500

    update changes

commit 7e57259ae3b75845ff848965844edf8fb059b3d3
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 10 20:14:36 2011 -0500

    Revert "If pluto is started with --nofork, then also disable nhelpers"
    
    As Avesh pointed out, we always start with --nofork, because we want
    the plutorun wrapper script to restart pluto on crash for us. I
    changed this code so if HAVE_NO_FORK=true, then we disable fork and
    nhelpers - but we no longer disable nhelpers when we saw --nofork.
    
    This reverts commit 16989a3d0849ae8bb71df396d7f76ab4d6a63c03.
    
    Conflicts:
    
    	programs/pluto/plutomain.c

commit 7d33b30a9e1fc330a9328100b25af65ef68b079b
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jan 7 18:34:02 2011 -0500

    update changes

commit 539894132c9dc76d5ef8add0f7953eb30eeecf36
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jan 7 18:31:39 2011 -0500

    MAST: Fix NAT-T new style detection with protostack=mast
    
    Apparently, we cannot call ioctl(sk, IPSEC_UDP_ENCAP_CONVERT, &ifr);
    using ifr_name "mast0", so we use the old "ipsec0". Note that this
    needs looking after because in the future there will be no ipsec0
    interface when mast is used.

commit 6f0d042a6166fe201633f07cf4427b3684863c8e
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jan 7 18:21:07 2011 -0500

    NATT: cleanup of nat_traversal_espinudp_socket()
    
    This should also re-enable NAT-T detection again for BSD/OSX

commit b96779f5516eaf1fcfa79b810d14dd1622162969
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jan 6 20:50:22 2011 -0500

    regenerated rsasigkey man page.

commit a875f69a641533250f41ab713d9e5f4c67f7922e
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jan 5 00:59:11 2011 -0500

    remove doc from SUBDIRS

commit 6fe612e620560b161d19006c88f02638dc67aa85
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jan 5 00:58:12 2011 -0500

    don't try to rebuild stuff in the ancient doc/ dir that got moved.

commit 24b79bb08ee7bf357b631aea0a01c68bb9e6da94
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 3 04:34:59 2011 -0500

    Fix the "login" prompt in debian single user mode. It does not
    mention "normal startup" anymore but "press enter for maintenance"

commit c66b32a4573bde30cb499f9247dea3c9c5f2a30d
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 3 04:32:40 2011 -0500

    Fix uml MAC's to have the "2nd rightmost bit" set to 1, so uml_*
    tools won't whine about it being a global address. The 2nd rightmost
    bit is the third bit from the right....

commit 65df01b83c7670654bfc0d9c1233781d3a856e1b
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 3 04:32:26 2011 -0500

    fix typo in error msg

commit 6e74a71ba6bd14eebb638409c470da59590e6c91
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Fri Dec 31 12:37:33 2010 -0500

    Typo for --debug-all argument for whack.c

commit c519325665ac79fe60225b6b9dc72163908f0a9d
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 30 01:16:18 2010 -0500

    renamed doc/ to doc.old.freeswan/ to avoid users accidentally reading
    this old documentation.

commit e6a5f9bd772a6634998194ade5da8a6da82ef9bb
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 27 18:26:19 2010 -0500

    logged the leaks in the function header comments for init_vendor().

commit 2ea15f29adfd387605bb54965c122a6053afca93
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 27 16:09:26 2010 -0500

    DEBUG: Fix a few mostly cosmetic memory leak reports

commit 62d521b085c27523038a003c75fc978a3a9ce25f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 27 14:30:13 2010 -0500

    Remove unused struct pluto_paths

commit 27b3ebb1199eb3fddbf2cf550e70dd878cf6a079
Merge: e0cc786 8f121af
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 27 13:52:40 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit e0cc786806e837dd88ab3415e9483dab9c17fcd1
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 27 13:51:08 2010 -0500

    IMPAIR_SA_CREATION and IMPAIR_DIE_ONINFO did not have their corresponding
    pluto options --impair-sa-creation and --impair-die-oninfo

commit 8f121af14795684bb2b748bf60765e07afc1ff9e
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 23 18:24:02 2010 -0500

    When using USE_BSDKAME, disable USE_KLIPS and USE_NETKEY

commit 1143b844e3e696c30dc02b012ed31eb92d9f36c5
Merge: e3cba3c 45a346e
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Dec 22 19:11:33 2010 +0100

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit e3cba3ceb7e6c4f02904632c122148325bd46c76
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Dec 22 19:09:43 2010 +0100

    on debian based systems the init script should exit with 0 if the main binary is missing

commit 45a346e82fa93a0ef9126bc02ae4df8b97697a59
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Dec 23 01:26:50 2010 +1000

    Fix KLIPS compilation for 2.4 kernels
    
    Mostly IPv6 related compilation issues on a 2.4 kernel.
    
    For now IPv6 support is disabled under 2.4 as there are some functions that
    need different args (perhaps more).

commit a10973fa584c5bda0ea59d4f83f30f3407edea90
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Dec 23 01:22:11 2010 +1000

    Add skb_header_ptr and eth_hdr
    
    Functions that we use now that don't exist on 2.4 systems.

commit 9135f4fa790ab8308269aaee3854878cfab679ca
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 22 00:42:29 2010 -0500

    DEBUG: log used --impair-* options given to pluto on startup

commit 832c42095ba6b9ba3d389dde5e5312d4585734ac
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 21 22:42:53 2010 -0500

    updated changes

commit a13b2f15d6d683cc34c87cf316b0766325129fdb
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 21 22:41:08 2010 -0500

    Added %v4:25/8 to virtual_private, as T-Mobile and Rogers/Fido have
    started using this range as "private iprange". It is currently not
    announced and not routable - but we'll see how long that lasts....

commit 3813d9c4bad82b1c1da5eabad829b7212c33146b
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 21 22:34:41 2010 -0500

    Added note about the 25/8 network to man page on virtual_private=

commit 505e111b87d90c430fc12c1f729665122def499c
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 21 14:09:49 2010 -0500

    updated changes

commit e0a3a307c08e9878ccec36d2ed2cd81ec7e3f261
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 21 14:08:12 2010 -0500

    modprobe more cipher, compression and hash crypto modules so they become
    available for both netkey and klips(cryptoapi)

commit f171e7c9d077dd450396ffd87ed7741728d66797
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 21 12:23:57 2010 -0500

    updated changes

commit 98e2372ccaab3c585029dede2f1f6c7240a3c354
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 21 12:21:59 2010 -0500

    X.509: Fix SHA2 family support inside X.509 certificates [fryasu at yahoo.co.jp]

commit 672c16c4648c55c78f8b531b7bf425c70715f9e6
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 21 12:14:22 2010 -0500

    Ensure nat-traversal has proper ifdefs for linux. #warn on other OSes

commit 62f58557d3394cec40d24c70ce66b1812393e80b
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 21 11:32:55 2010 -0500

    BSD: netkey/keydb.h moved to netipsec/keydb.h
    BSD: netinet6/ipsec.h no longer exists

commit 917830b8396dfd1a01fa0aeb0d2bf9e09650fdd7
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 21 11:31:35 2010 -0500

    clean up freebsd sysdep include. Remove the #if 0

commit 10f682e6aa67c4cd83f43c4f001144ae43127402
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 21 11:18:11 2010 -0500

    Add netinet/in.h include - resolve.h on freebsd needs it.

commit 1be91b627c17ac678e663a5432443c14343de506
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 21 11:17:36 2010 -0500

    remove duplicate include

commit 27dfe8b4c577940076d7f8ba0f52c27c49763e00
Merge: 8ff9c9a 1e50d6d
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 21 10:32:50 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 8ff9c9a7eb2ec8b04752f0f665348a471f370183
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 21 10:31:02 2010 -0500

    BSD: Fix <sys/queue.h> include (for CIRCLEQ_ENTRY and friends)
    
    Instead of the ifdef in connections.h, move include to the sysdep_*.c
    location.

commit 1e50d6d4236e428dea234f0356e99f460034e4d3
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Dec 21 12:13:49 2010 +0200

    Update changes.

commit 79511d2cc748b59beb1097b658c6776597642ad8
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 20 18:06:55 2010 -0500

    updated changes

commit 0f10410a67d3b11663a7117e569d0670621927bd
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 20 18:06:28 2010 -0500

    regenerated ipsec.conf.5

commit 012c0601d52a8a45872351f8fcd77890c56d73b4
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Dec 19 16:35:32 2010 -0500

    updated changes

commit 7dc9194575d63eec95f63467210dd39f2fa1ee3c
Merge: ff0389e 616eb0a
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Dec 19 16:34:27 2010 -0500

    Merge branch 'klips-ipv6'

commit ff0389e0df2d06d23adad0ba917c83abad7f5da9
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun Dec 19 20:03:59 2010 +0200

    Fix typo in ipsec.conf man page, bug#1183.

commit 616eb0ac0f4340517ea1088163978d97b8946f2e
Merge: dd2709b bf73db3
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Sat Dec 18 22:40:06 2010 +1000

    Merge branch 'master' into klips-ipv6

commit bf73db3799ebfead2f5d77092188ae83c28ba545
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 17 20:21:06 2010 -0500

    Remove bogus double ##

commit aff20d8ea926b64566c2de72a7c2c0bdc9ce768c
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 17 20:19:52 2010 -0500

    Rewrap a CHANGES entry

commit e03ff703376595646a6f5c6f3d89a1e24f5e21b4
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 17 16:33:59 2010 -0500

    Disable HAVE_OCF by default - sneaked in by accident

commit 9b506c57cf70ea2e80633a9fd018e1ad91a96c3f
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 17 15:18:14 2010 -0500

    OCF: change cryptodev.c logging to show this is IKE and not IPsec OCF
    we are talking about.

commit f5970513f51046cdae88872f011259058c49d88a
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 17 12:25:49 2010 -0500

    updated changes

commit dd2709bbd86bd90049c27bae57e6cb765e805f1d
Merge: 6edb8a9 f8dba48
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Dec 17 22:25:12 2010 +1000

    Merge branch 'master' into klips-ipv6

commit f8dba485b130085cc60a0528ff2308cc94048b8e
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Dec 17 22:24:37 2010 +1000

    Make cbimm and batch modes configurable at runtime

commit f6c4f3bf1a6022c245994e88e9c21aeac3e47151
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Dec 17 22:17:42 2010 +1000

    rename ipsec_ixs_cache_allocated_count_max
    
    rename ipsec_ixs_cache_allocated_count_max to match ipsec_rcv's version.
    It is now ipsec_ixs_cache_allocated_max.

commit 6edb8a952c3b35fca088bfb89c6da2a1ad81a6c1
Merge: e3644d0 70f574c
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Dec 17 21:29:33 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 70f574c009c81b9f7724f902ff703cb7dfb15530
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Dec 17 21:28:00 2010 +1000

    Minor change to code flow
    
    Basically the if can be converted to a while to handle multiple
    requests at once.  This version seems to perform the best.

commit dce78c8758bd3f8ed7aed341ad22de964d7ecd3a
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Dec 17 21:25:32 2010 +1000

    Clean up the prng locking
    
    It's not a real problem,  but it could make decisions that are affected by
    race conditions, even though they are non-fatal.

commit 0fa7d25227faa1f0915116d2ad1ba9091ded0b92
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 16 18:49:09 2010 -0500

    updated

commit 4c381956c9afdd1f6d07670b179482a4df33a1a9
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 16 18:47:49 2010 -0500

    OCF: Attempt to load OCF kernel HW module on startup
    
    Add cryptosoft to the modules to load in _startklips. For now added
    commented out version to load cryptodev (userland acceleration)

commit f29c32f293fc72e3cdb1884c886299de10db1fdb
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 16 13:59:27 2010 -0500

    Change the use of "source" to "." as that is a bash-ism.

commit fae250a6f39b3a623b62d97054cc45cc59ba35f0
Merge: 0a3e8cd 1c2a378
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 16 13:51:38 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 0a3e8cd09db79b291377d6f9a1a377478592afa0
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 16 13:46:46 2010 -0500

    Clarified OCF support in IKE a bit better. Also log a warning if
    we cannot find /dev/crypto.

commit 1c2a37840fbadea5376f3fd67b9a84e06513c426
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Dec 16 09:31:35 2010 -0500

    source is a bashism, "." should be preferred in scripts

commit e3f3eca8b02b2b061ca7eb645aae60889b9b298a
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 15 23:53:22 2010 -0500

    Fix last ones of the source cwd issue with setup.sh and TESTLIST

commit 2f432a93d6dca4f52d6fdf403c765c84d63d3308
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 15 23:33:35 2010 -0500

    Another source ./ issue

commit cb0ea0a30de6f217c5d80faa76e5b312b0213cfd
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 15 23:29:03 2010 -0500

    more cases of where source (.) needs cwd

commit f96ed16feb6e1e66034329d0857f3989d839eee3
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 15 23:26:00 2010 -0500

    source no longer has cwd in the path for its arguments

commit cb7c7d97d1b2672c6acde09d4b83b6e7331ac0b3
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 15 22:13:23 2010 -0500

    the etc/network/interfaces files did not have proper auto statements
    for most testing VM's, most notably east and nic.

commit 795cec1511d0453d7e852be0d229f136babdcac4
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Dec 15 21:04:02 2010 +0200

    Update changes.

commit 2f121c8f83e936fed95d0d3611f48de11c918a3e
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 15 14:01:39 2010 -0500

    updated changes

commit ff5fae5d066c4facc8f6d414b1d2817a923f7f86
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 15 11:23:57 2010 -0500

    updated changes

commit e3644d09e0a367824048f2facb4a4c683f6fbc2d
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Dec 16 00:42:16 2010 +1000

    Fix use of CONFIG_INET_IPSEC_SAREF for klips-ipv6
    
    I got a bit carried away with the use of CONFIG_INET_IPSEC_SAREF
    and broke the marking version of SAREF support.

commit 481ec63b33414cc80f7da5a1d191a1e2b501346b
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Dec 16 00:38:09 2010 +1000

    Call with appropriate void * arg

commit 9b38bec108934f6e967dd08ade84ed35a929e708
Merge: 9f825bc 023ecdd
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Dec 16 00:17:00 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 023ecddc6b0a419c29028fa835a402b17d70df52
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Dec 16 00:09:06 2010 +1000

    Fix up queue stop/start on SMP systems
    
    Make sure we manage the queue starting/stop consistently
    and within a lock.

commit a6712b2335218736b7802c868d802776f7ad367d
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Tue Nov 16 16:22:26 2010 +1000

    Fix string compare, == won't do it
    
    Also fixes a compiler warning.

commit 72f95a15f7ba24260e0a2afc691c13c70982b28d
Merge: b32f6dc 2de1bc5
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 14 15:50:31 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit b32f6dc8de89a94fc005f80363380b249e4c19cb
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 14 15:47:46 2010 -0500

    update changes

commit 18ddaf8c8093a265fa4c91b29ebecca33ffc9fbd
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 14 15:46:06 2010 -0500

    NAT: Put old/new style chatter into DBG_NATT - only loglog() failure for all NAT-T

commit b676ce2855f645f1bcaabb643eccfb580e60e3d2
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 14 15:38:11 2010 -0500

    NETKEY: Reduce noise about Old/New NAT-T support
    
    The NAT-T detection for ESPinUDP hooks were noisy and wrong on netkey, because
    it tried to use "ipsec0" to send the ioctl() to test for IPSEC_UDP_ENCAP_CONVERT
    It now uses "mast0" for mast, "ipsec0" for klips, and "eth0" for everything else.

commit 2de1bc5504e9c9c3f65a5f87c08a3e5c3214f181
Author: Simon Deziel <simon at xelerance.com>
Date:   Tue Dec 14 11:59:08 2010 -0500

    Fix the conditional ipsec restart in DKMS postinst script.

commit e2496fe7d462fba0d3694a229a57bf773f63ddd4
Author: Simon Deziel <simon at xelerance.com>
Date:   Tue Dec 14 11:36:47 2010 -0500

    During DKMS installation, only restart IPsec if the ipsec.ko module was loaded and IPsec was running.

commit b4255bf65e0d2f806050bb5759e6f757463cd835
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 14 09:37:56 2010 -0500

    update changes

commit 740d8e9d785708f30b0f8d3d45e3c6dad10cea4b
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Tue Dec 14 09:35:16 2010 -0500

    OCF: move netif_wake_queue inside the lock in ipsec_xmit_state_delete
    
    > 3) I think is just a logic issue with locking and I need to double check the
    >    locking for holes and take it from there.
    
    Ok,  I think this just needs the netif_wake_queue to be done inside the lock
    in ipsec_xmit_state_delete or after the unlock,  looks like an obvious hole
    to me as we haven't updated the counters yet but we have enabled the Q ;-)

commit 40d49731a0438ee6d46248734f2b1e6b1838ccb7
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 13 23:51:47 2010 -0500

    places some indenting in ipsec verify

commit b8928f7f0add22d5e88b9fa68e5e4347886c2e8c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 13 23:31:51 2010 -0500

    use a copy of cryptoev.h instead of a link, because debian copies
    the linx/ contents and it breaks the link.

commit 27f8f4e685fc9b0102e504ff82cf0da281e8a20c
Merge: e40c393 73aa9c7
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 13 22:31:02 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit e40c393c0cbecd3b58c0a0284e263fcb127cc503
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 13 22:05:20 2010 -0500

    Added ocf-compat.h for now, as cryptodev.h depends on it.

commit 73aa9c73db360aaff734833e8bf361626db78d7b
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Dec 13 21:09:26 2010 -0500

    Temporarily include the OCF dir for DKMS module building. This will need a cleaner fix later.

commit ca9fa6bcadbccd3792cc625fca58732e3a5d4249
Merge: 04444cd 3bc9a8b
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Dec 13 20:39:55 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 3bc9a8bd26cbff7862770435a143fcd8e9b058a1
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 13 20:38:59 2010 -0500

    added copy of cryptodev.h for kernel code

commit 04444cd19bbdec07f89276be0744608f4d799d81
Merge: da04239 031b06c
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Dec 13 20:37:50 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit da042392b5dab2b8808ff9df6611e362e4158c1e
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Dec 13 20:27:58 2010 -0500

    Include packaging/ocf as this is required for OCF builds of DKMS and source debs

commit 031b06c2c4f247043b5d4b8bb0d9df4a13087557
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 13 19:01:32 2010 -0500

    Add check for OCF kernel support in ipsec verify

commit 8ecd2e26bce91a13b9590ec538d42aec1bb8dd0d
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 13 18:48:45 2010 -0500

    updated changes

commit d0c802d34e3483f6e20faafb7eb5f366b60931ac
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 13 18:48:02 2010 -0500

    OCF: Added /proc/net/ipsec/ocf to indicate if we support OCF or not.

commit 832e275cfbaa972448ce7e543d27c238680497d2
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 13 18:31:42 2010 -0500

    added help on ocf compile line when just typing "make"

commit 7791e3accd90d5cbd51b8a73221716a62513e9de
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 13 18:22:04 2010 -0500

    Revert "Always enable CONFIG_IPSEC_NAT_TRAVERSAL on 2.6.22+ kernels, as it"
    
    This reverts commit fd957234bac18a81f8b82a5e5c46a2573c59bf73.
    
    This actually only enables to OLD style NAT-T - which we don't want
    to do on newer kernels.

commit fd957234bac18a81f8b82a5e5c46a2573c59bf73
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 13 17:53:00 2010 -0500

    Always enable CONFIG_IPSEC_NAT_TRAVERSAL on 2.6.22+ kernels, as it
    needs no separate patch.

commit 3aac0fdb23a40b78019ecee16da52923038ab6bd
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 13 17:49:06 2010 -0500

    disable CONFIG_IPSEC_NAT_TRAVERSAL setting in module build params

commit cfa6683903d4f60f6f3f8c38b660ce4de904d191
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 13 17:46:49 2010 -0500

    comments and settings for ocf version of klips/modules

commit 9adbaa0bda296484a880f433f8c09e5e04d36034
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 13 17:36:39 2010 -0500

    Added ocf default module parameters

commit 5109a73c09364a7a2814683256a20ae507e2c2c0
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 13 17:22:06 2010 -0500

    updated changes

commit c895de54099cba5b030518dfceabca941d20058c
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Mon Dec 13 17:20:29 2010 -0500

    OCF: Update to OCF for SMP systems to allow using multiple CPU's
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit ae844ea21009a06273757035198e13d84267fa60
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 13 17:05:43 2010 -0500

    Change the mast0 fixup mtu to use 16260 instead of 1452.

commit 7300c3dc4881913da75865f4f840c24e6e35feae
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 13 16:51:00 2010 -0500

    enum_name() fix was not picked up in last commit.

commit d961057912c6d7c33eb09ef8071dd6c72b3d3843
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 13 12:59:04 2010 -0500

    It's enum_name(), not enum_names() to display the name.
    Dpd also needs to include pending.h for flush_pending_by_connection()
     prototype.

commit 9fc8c29666c19b1401d4b392a841f4ed834aa3de
Merge: 7e1cedd b6aae3f
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Dec 12 16:10:37 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan
    
    Conflicts:
    	CHANGES

commit 7e1cedd62a8381e4ce26d70d6bbe74e1940976b0
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Dec 11 19:42:29 2010 -0500

    update changes

commit 005846b84ce34060e10f2d6b671e1104276c81f4
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Dec 11 19:41:19 2010 -0500

    RSA: Fix generation of ipsec.secrets when missing on first startup
    
    newhostkey called rsasigkey with wrong arguments.
    rsasigkey usage string was not listing all options.

commit b6aae3fdad03f50686e0178e7f8bd3587df803f2
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 10 17:32:05 2010 -0500

    update changes

commit beced7a4b52682b2eb2d8c24a1326544ee463c20
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Fri Dec 10 17:30:11 2010 -0500

    When we delete in the dpdaction=clear case, also remove any pending
    phase2 requests we have for this connection.

commit 1540b2b8f84bec6f91ef2283ad61f12edfa3d48e
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 10 17:09:39 2010 -0500

    Make it clear with a cast that we're ignoring a return code in one
    call to terminating_a_connection()

commit 9abe43f6142161a719d662e96e014e1cd4bdb25d
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 10 17:07:11 2010 -0500

    log the kind of connection we're unrouting in the DPD clear case.

commit 9c22456b53202a4def5334ade700c75a31da5f25
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 10 12:57:15 2010 -0500

    added comment on last commit explaining why we "accept" an interfaces=
    with mast0

commit 5c45f4483cd131ce2f2e7082a03abdf05b13589e
Author: Simon Deziel <simon at xelerance.com>
Date:   Fri Dec 10 12:52:58 2010 -0500

    Fix support of interfaces="mast0=eth0"

commit 4e912d31826114ead61444dd3e77bd4e94d1292b
Merge: 2437b5b ca6c690
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Dec 9 21:45:38 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit ca6c6901343e3fb060eb2e2621f2ffcc6421e2cc
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 9 21:44:12 2010 -0500

    Automatically setup some dependencies in Makefile.inc depending on user
    choice. Also enable USE_MODP_RFC5114 per default.

commit 2437b5be75858a02907edd82b6c62c7856f1842a
Merge: 6e0a1a1 ccbca9a
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Dec 9 20:25:41 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit ccbca9abbedaf7a65d27094837952dc6d06db22f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 9 17:32:57 2010 -0500

    fix typos in changes

commit bb05b34822c0cfe2997b5fdd74fa916e164ace34
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 9 17:32:32 2010 -0500

    suppress output in /bin/dash check if not installed.

commit 6e0a1a1dfb69cfdb3f4167dca1f3b451e7b0edd6
Merge: 20c9e21 404fa24
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Dec 9 13:26:12 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 404fa248c5b39dfe0295d631729454549a0e8790
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 9 12:32:12 2010 -0500

    Clarify Tuomo's fix a little bit in the comment

commit 20c9e21fea7320e2763af26a0f68ba2c461c0d1f
Merge: 4ab9f3d 921c4be
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Dec 9 09:00:09 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 921c4beab060768f1737312b28e231cad4415304
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Dec 9 10:46:12 2010 +0200

    Update changes.

commit c999293ea8def3eab5ca871a9a74ad53aa5ed670
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Dec 9 10:42:58 2010 +0200

    Fix for crash with dpdaction=clear on CK_INSTANCE.

commit 9f825bcf73a5d4e6c5c17c59affb46e819534fb1
Merge: 8bc4b25 a914ccf
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Dec 9 17:14:41 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 4ab9f3d4e9dae2cfdd74844675cf3b2dceafdc9a
Merge: e7b0637 a914ccf
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Dec 8 13:07:04 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit a914ccf13a99cf2d012f3ac4208306db14662729
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 8 01:32:23 2010 -0500

    updated changes

commit ffa3a10fad8f8765cb6e75fa30c314f977970159
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 8 00:45:00 2010 -0500

    when building development spec, ensure all -O levels are removed (even
    ones without a number)

commit 2786ff0005afd2459f20fb2f913ea414de1e4c5c
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 8 00:06:48 2010 -0500

    Revert part of 031876ef64a475930028dc72bd335d4019db4bbc
    
    We must delete_states_by_connection() before unroute_connection()

commit 194283441253199a53a290ab777c53d7a56a8fcb
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 7 23:33:10 2010 -0500

    DPD: DPD_ACTION_RESTART would always execute DPD_ACTION_RESTART_BY_PEER
    
    A wrongly placed break statement caused these two actions to always happen.
    
    Also a cleanup of the switch statement removing checks and use a
    bad_case() instead.

commit d88936d552a69a6d037f83d08a6166d4340ceb60
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 7 23:16:11 2010 -0500

    fix some indentation

commit fe8082ec8ef805fcacdfb1c3f59f8346a6e6b944
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 7 23:13:21 2010 -0500

    Remove unused struct connection *c in handle_next_timer_event() [dhr]

commit 8127df12b8a85ff71d9f8047aa99dfa608dd6cc5
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 7 22:47:05 2010 -0500

    Remove broken code that was supposed to prevent duplicate printing
    of "processing connection". We'd rather see and/or fix the duplicate
    instead of fixing the broken code causing double printing to be hidden.

commit e7b0637d2f32137ce7dd6717b19f4c07c345dbec
Merge: 9cd1bbe 7443b0d
Author: Simon Deziel <simon at xelerance.com>
Date:   Tue Dec 7 16:19:38 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 7443b0db7abbc985da27895ee98cd35db16c0ef8
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 7 15:43:54 2010 -0500

    Write out d->kind >= CK_PERMANENT fully, in case other CK_* kinds are added.
    It also makes it more explicit we are checking PERMANENT, INSTANCE, and GOING_AWAY

commit 9cd1bbe13f37af8288f0480e7260d2a89bba0490
Merge: e256f5e 4e54d7e
Author: Simon Deziel <simon at xelerance.com>
Date:   Sat Dec 4 14:03:53 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 8bc4b25876836ac40e903275a33bdce5a4a6f61c
Merge: a06f9d0 4e54d7e
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Sat Dec 4 17:43:58 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 4e54d7eb5e2d8bfa6dfee0964de2fec03997f0bf
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sat Dec 4 09:09:28 2010 +0200

    Minor changes for CHANGES.

commit e256f5e2bed763a4e8a4a9dec0327ade18864441
Merge: 126693f d3fc0b8
Author: Simon Deziel <simon at xelerance.com>
Date:   Fri Dec 3 18:10:41 2010 -0500

    Resolve a conflict on programs/pluto/dpd.c

commit d3fc0b817eab0e084489832b70d740d0c5043532
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 3 16:48:29 2010 -0500

    updated changes

commit 031876ef64a475930028dc72bd335d4019db4bbc
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 3 16:32:15 2010 -0500

    unroute_connection() before deleting it, not after it.
    
    This might fix a DPD crasher.
    
    Also, add a warning when dpdaction=%hold triggers on an instance.

commit 126693f914921d39bc8dfc6e73fe4172e5056872
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 3 16:39:17 2010 -0500

    updated changes

commit c5984de5ce05112eb3a3392f0d9fedc5f916fa2f
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 3 16:32:15 2010 -0500

    unroute_connection() before deleting it, not after it.
    
    This might fix a DPD crasher.
    
    Also, add a warning when dpdaction=%hold triggers on an instance.

commit e4c05f55a00a82cd2fdec62c2207eaf487970f1a
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 3 14:15:18 2010 -0500

    OCF: Show whether we are compiled with OCF support on pluto startup

commit a06f9d0ea2411dcd93eb71df1bc7bd1bf453813d
Merge: f17622e 261731a
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Dec 3 15:56:07 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 261731a50386e1f919d471cead14f91ab79ce770
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 2 20:49:32 2010 -0500

    fixup of echo line

commit f17622eab8cbb210fb93d674662e0965f3aa5850
Merge: 961a8ee f4145ad
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Dec 3 09:34:13 2010 +1000

    Merge branch 'master' into klips-ipv6

commit f4145addb248dbd692907320d72b12a8ae83810f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 2 16:31:47 2010 -0500

    updated changes

commit 7d65a2ef31d180ccf8bf541ccf285a1d4861de35
Merge: f768401 2c0a805
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 2 16:14:58 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit f768401c7c50a9a22d0ab1a4c6b6a508ef45cd2d
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 2 16:12:15 2010 -0500

    updated changes

commit 2c0a80535d36b3c04ad100cbd1ef895c91537a89
Merge: 5e679e7 2df63b6
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Thu Dec 2 22:05:28 2010 +0100

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 5e679e7094292eaa71d701aef3aa7a84e0f78ffd
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Thu Dec 2 22:03:32 2010 +0100

    Make the init script check for errors in the config prior to executing
    start/restart/reload actions.

commit 2df63b67ffd4e0bc2f1264e5b6133b13d3aec6e1
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Thu Dec 2 15:49:05 2010 -0500

    osw_alias_cmp has a bug.
    
                    s += nlen;
                    while(*s!='\0' && *s!=' ' && *s!='\t') s++;
    
    Why?  We should advance in s to the next possible match.  That is not
    nlen characters hence, but only 1 character hence.  And then we should
    start the attempt AFTER the next whitespace character, not at it.
    
    So this code has probably never found a match that didn't start at
    offset 0 in haystack.  Why?  Because every search after the first
    starts looking at a whitespace character and that cannot match.
    
    But the actual bug that caused the dump is that the remainder of haystack might not
    even be nlen long, so scan of s may skip the NUL at the end.
    
    Does that mean that the scan is redundant?
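
The scan bug described in commit 2df63b67 above, as an added C example that is not part of the commit and not the project's code: a bounds-tracking model of the quoted advance step next to a whole-word search that advances safely. The names `alias_scan_as_quoted` and `alias_word_match` are hypothetical, and the match test inside the model is an assumption, since the commit message quotes only the two advance lines.

```c
#include <stdio.h>
#include <string.h>

static int is_sep(char c)
{
    return c == ' ' || c == '\t';
}

/*
 * Model of the scan quoted in the commit message. It tracks an index
 * instead of a raw pointer so the over-read is reported, not performed.
 * The match test is an assumption; only the two advance lines are quoted.
 * Returns 1 on match, 0 on no match, -1 where "s += nlen" would pass the NUL.
 */
int alias_scan_as_quoted(const char *needle, const char *haystack)
{
    size_t nlen = strlen(needle);
    size_t hlen = strlen(haystack);
    size_t i = 0;

    if (nlen == 0)
        return 0;
    while (i < hlen) {                       /* while (*s != '\0') */
        if (strncmp(haystack + i, needle, nlen) == 0 &&
            (haystack[i + nlen] == '\0' || is_sep(haystack[i + nlen])))
            return 1;
        if (nlen > hlen - i)                 /* fewer than nlen bytes remain */
            return -1;
        i += nlen;                           /* s += nlen; */
        while (i < hlen && !is_sep(haystack[i]))
            i++;                             /* stops ON the separator */
    }
    return 0;
}

/*
 * Whole-word search: is needle one of the space/tab separated words in
 * haystack? Every comparison starts at the first byte of a word, and the
 * pointer only ever moves one byte at a time, so it cannot skip the NUL.
 */
int alias_word_match(const char *needle, const char *haystack)
{
    size_t nlen;
    const char *s;

    if (needle == NULL || haystack == NULL)
        return 0;
    nlen = strlen(needle);
    if (nlen == 0)
        return 0;

    s = haystack;
    while (*s != '\0') {
        while (is_sep(*s))                   /* move past separators */
            s++;
        if (*s == '\0')
            break;
        /* strncmp stops at the first difference, including a NUL in s,
         * so a zero result proves s[nlen] is still inside the string. */
        if (strncmp(s, needle, nlen) == 0 &&
            (s[nlen] == '\0' || is_sep(s[nlen])))
            return 1;
        while (*s != '\0' && !is_sep(*s))    /* skip the rest of this word */
            s++;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *cases[][2] = {
        { "east", "east west" },       /* match at offset 0 */
        { "west", "east west" },       /* match at a later word */
        { "longalias", "a b" },        /* needle longer than haystack */
        { "east", "northeast" },       /* suffix of a word, not a word */
    };
    size_t n = sizeof(cases) / sizeof(cases[0]);

    for (size_t k = 0; k < n; k++)
        printf("needle=%-10s haystack=%-12s quoted=%2d fixed=%d\n",
               cases[k][0], cases[k][1],
               alias_scan_as_quoted(cases[k][0], cases[k][1]),
               alias_word_match(cases[k][0], cases[k][1]));
    return 0;
}
```

A `-1` from the model marks inputs where the quoted pointer arithmetic would leave the string; builds linked against a guard allocator or run under AddressSanitizer surface the same read as a crash.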

commit 9cd6e6aad4f85d2f2218364062f2ca4bd87812b1
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Thu Dec 2 21:41:15 2010 +0100

    Add --checkconfig option to addconn in order to just check a config
    file for valid syntax in all sections and bail out on an error.

commit 7259945179b026905de655537d99f7a1e5e9b94f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 2 00:51:10 2010 -0500

    UML: newer uml kernels need to be started with rootfstype=hostfs

commit dbd87fdeb7ef76c5f742b7382231c61e9f2db1a9
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 2 00:09:47 2010 -0500

    Unset CONFIG_STATIC_LINK in testing/kernelconfigs - it causes uml to
    crash on too modern (two year old :) gcc's.

commit 961a8eeb4fe894fcd0ad91937b44ed4824c37e03
Merge: 636c2c9 7124065
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Dec 2 13:35:05 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 7124065bb6e6073bf206f66d1c206df6fa1d71ce
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Dec 2 13:34:05 2010 +1000

    Order algs correctly for OCF processing
    
    When mixing AUTH/CIPHER algs,  the crypto descriptors need to be in the
    correct order for OCF processing,  otherwise,  depending on the driver,
    incorrect results or EINVAL will be returned.
    
    	rcv:  auth + cipher
    	xmit: cipher + auth

commit 636c2c97118be5d837b8a55455c3dbb7bb355c16
Merge: c1f5bcd 319ebea
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Dec 2 12:09:44 2010 +1000

    Merge branch 'master' into klips-ipv6

commit c1f5bcd83c364d23cb14f4f630c6e3ee7884d7e1
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Dec 2 12:04:37 2010 +1000

    Order algs correctly for OCF processing
    
    When mixing AUTH/CIPHER algs,  the crypto descriptors need to be in the
    correct order for OCF processing,  otherwise,  depending on the driver,
    incorrect results or EINVAL will be returned.
    
    	rcv:  auth + cipher
    	xmit: cipher + auth

commit 319ebea8bd204a411e346fc7fda1761ef843fb88
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 1 18:56:16 2010 -0500

    delete a makefile patch meant for linux 2.2

commit cf7b5852fc79cfc5a91b7419f5a79b2073efe9e2
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 1 18:47:31 2010 -0500

    Fix the net/Makefile patch to modern 2.6 kernels. Instead of trying
    to tag on at the ever changing end of the Makefile, change it near
    the alternative stack (XFRM) which seems pretty static.
    
    This fixes building via "make check" on our uml testing infrastructure

commit 4299fe20761bca4e5ec11d51ea53ee1e26aa1df9
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Dec 1 21:29:25 2010 +0200

    Add define development which removes optimization from optflags.
    Cleanup efence stuff.

commit 52fa63a0b49118a7840944fbe5a1b2797f5b30cc
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 1 13:24:05 2010 -0500

    updated changes

commit f7177b19047f1e00dd7b45eb54413bb863db4000
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Wed Dec 1 13:21:33 2010 -0500

    quick_inI1_outR1_cryptocontinue1 calls start_dh_secret.
    
    After start_dh_secret returns this code will then execute:
    
            if(e != STF_SUSPEND) {
                if(dh->md != NULL) {
                    complete_v1_state_transition(&qke->md, e);
                    if(dh->md) release_md(qke->md);
                }
            }
    
    In the STF_INLINE, this is probably wrong:
    quick_inI1_outR1_cryptocontinue1 has already called complete_v1_state_transition
    and it has freed *dh.
    It called quick_inI1_outR1_cryptocontinue2 which did the release_md too.
    
    So this code would be more correct if the first line were
            if(e != STF_SUSPEND && e != STF_INLINE) {

commit f53bd270792a1d745bc32f6c4377892016d0a51e
Merge: 2a55f91 4b473c9
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Wed Dec 1 16:25:17 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 4b473c90c0acb045d45d7f8a52023dd97dc78454
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 1 01:12:30 2010 -0500

    remove weirdly placed "0" in comment.

commit 56c06bf83c8764ed11a4f1c927361da138806a1f
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Wed Dec 1 00:09:20 2010 -0500

    When logging with plutodebug=all, in ikev1 we called DBG_dump()
    with the wrong length caused by using pbs_room() instead of pbs_left()
    
    This used to be undetected - linking against -lefence caused this
    to trigger a segfault.

commit 2a55f91158354d3434603690a99b13e855239cac
Merge: f43c224 6448936
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Wed Dec 1 09:12:20 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 64489360bbc3907da44ab6a09d73c54093a3eb85
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 30 16:17:03 2010 -0500

    Add buildefence flag to openswan.spec file for easy enabling of efence

commit 21476ada0919a86a36fcc32c93ac95963e6007f9
Author: Simon Deziel <simon at xelerance.com>
Date:   Tue Nov 30 09:35:39 2010 -0500

    Do not remove IPv6 IPs when removing IPv4 ifconfig's style aliases
    The problem was reported by Davidm.

commit f43c224b959d9c34f011f71a442fcdb15f6efc99
Merge: 0977220 cefd1df
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Tue Nov 30 13:32:29 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 09772208abde2dadabb32f7a546ae7bc6d96ec77
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Tue Nov 30 13:27:20 2010 +1000

    IPv6 support for non-OCF users inc. IPCOMP
    
    Bring all the IPv6 support up to date for all non-ocf
    code paths.  ifdef out unused code that is not ok
    for IPv6,  we should delete it all ASAP,  it's just confusing
    when looking for code use.

commit 12dc4ea15cebbe6ed2de896b9889bcba86ad3537
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Tue Nov 30 13:23:43 2010 +1000

    Switch to KLIPS_PRINT to reduce noise
    
    If OCF can't do something, log it with KLIPS_PRINT,
    it's really only DEBUG info that you need when things are going
    bad,  not something that is needed otherwise.

commit 9f9f6642a388b440d2840ca18587e0db1b73971b
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Tue Nov 30 10:51:28 2010 +1000

    Prevent long DNS lookups on alt. addressing
    
    Now that ttoaddr handles IPv4/IPv6 notation properly,
    we can just use the one call,  preventing big hangs in
    pluto while DNS times out.  This code should be moved to
    use async DNS if possible,  though it isn't usually needed.

commit 741ea26ca8c2730f8438c1df8b9c096d43c86afd
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Tue Nov 30 10:49:41 2010 +1000

    When family isn't defined, match IPv6 addresses
    
    Need to ensure that we never go to DNS for IPv6/IPv4 addresses
    in ';"/'.' notation if the family is not defined.

commit c09b80e85919455a5aa5cfb21643a1b3a08d343e
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Tue Nov 30 10:44:17 2010 +1000

    Remove ipv6 protocol at unload properly
    
    So that we can be reloaded or switch to netkey :-)

commit cefd1df98bd756212d36bb0e57ef6ef2946bbceb
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Nov 27 21:49:25 2010 -0500

    Added a check in "ipsec verify" for /bin/dash, because it is just too
    incompatible with /bin/bash. We try, but today I found another issue
    in testing/utils/make-uml.sh

commit b90fbae3077c7d8a22d650dfa5b7b1d7d307211a
Merge: eab5802 c447a2d
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 26 14:20:38 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit eab580291de5a86f228edadb4d0476dd7808fa0c
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 26 14:19:41 2010 -0500

    Added nat-pluto-08 and nat-pluto-09 testcase to test vnet: keyword
    and vnet: per-conn subnet addition.

commit c447a2d687f603b75b9f4afcc5d9d30c5db87643
Merge: 74e67e7 46d5a4e
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 26 14:02:02 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan
    
    Conflicts:
    	programs/algoinfo/algoinfo.c

commit 74e67e7cdcb9ae746bd409b5a0d1ef630a1269e6
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 26 14:00:35 2010 -0500

    Remove unfinished old algoinfo code

commit 46d5a4e6d3f1696f69ccf16d30713df81bb97da1
Merge: 2a8ea05 9298031
Author: Simon Deziel <simon at xelerance.com>
Date:   Fri Nov 26 13:20:24 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 9298031b5557945d5c47f588b98b281fdee332bc
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 26 13:13:34 2010 -0500

    updated changes

commit 24ca1cc42b235d55043c1920cc5d4b10d28b0136
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 26 13:09:51 2010 -0500

    Revert "Added pluto option --impair-shared-phase1 which causes pluto to never"
    
    This reverts commit e31f38dcfd1bfabee26c7348c5d8edad59fe9624.
    
    When specifying separate leftid/rightid for each conn, we already skip
    sharing the phase1. This patch actually caused a crasher on --down.
    
    example:
    
    conn c1
    	left=@c1l
    	right=@c1r
    	leftprotoport=17/1
    	rightprotoport=17/1
    	also=base
    conn c2
    	left=@c2l
    	right=@c2r
    	leftprotoport=17/2
    	rightprotoport=17/2
    	also=base
    
    conn base
    	[...]

commit 2a8ea05ced5e82e4233eb9fe6fd1e56e13342840
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Nov 25 22:10:54 2010 -0500

    Replace RCSID with ipsec_version_code()

commit b6f841986f4115aeb20a1f4185764ba8dbf0a00d
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Nov 25 21:50:27 2010 -0500

    Make GCC happier with initialization style

commit 57a73274b6b32b10cd8b4e9f5ca726171392853b
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Nov 25 17:58:58 2010 -0500

    sizeof() return type is size_t

commit 44998c411838e40b83b3a15cef978b42cf334d0c
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Nov 25 16:49:06 2010 -0500

    Silence an unused variable and make some functions static.

commit 89f6f165c1986f9009df7197353246a4893104d3
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Nov 25 16:26:09 2010 -0500

    GCC prefers to have the static keyword before the structure definition.

commit 412cb525e456978309c34f738b016fad2edeb238
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Nov 25 16:20:27 2010 -0500

    Properly identify aliases interface

commit cc8e9614089d3da833f6a179d99a7dd2359ead1b
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Nov 25 16:01:29 2010 -0500

    Remove ifconfig style aliases when creating ip aliases on virtual interfaces

commit a592691a31fe50fd27956358d50b6a388192fb36
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Nov 25 14:01:21 2010 -0500

    Fix the empty if body to include the DBG call.

commit 6e3509b9603bc21088c3835b745c9ea3e9037732
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Nov 25 13:49:05 2010 -0500

    Set environment in plain English using LC_ALL consistently everywhere

commit 2648f8e906928977cb7d8da93b26a0bb79c73aa8
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Nov 25 12:42:18 2010 -0500

    Set environment in plain English using LC_ALL consistently everywhere

commit a26cefe781f875fc768895e39960abfbd5367aee
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Nov 25 12:38:12 2010 -0500

    Use variable substring removal for uniformity

commit 1376e87675b782245c3cea891d5bf0800c68de8d
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Nov 25 12:34:59 2010 -0500

    Enable init script debugging when IPSEC_INIT_SCRIPT_DEBUG is defined in the environment.

commit 62ee556f2c780ba6e43c061af9a59871f6560174
Merge: 3f39a2b fa0fce1
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Nov 25 14:46:04 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 3f39a2b6edbefe62ade7011db1a9080ee7698085
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Nov 25 11:56:09 2010 +1000

    remove duplicated copy of code

commit fa0fce14e0ce1af50ca617f706d488f2dfc30302
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Nov 22 21:00:52 2010 -0500

    Warn if bytes read from cert-blob coded file is not what we expected.

commit 64f82d502bfaa4193598cc18d4d700f43e3f766b
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Nov 22 20:35:01 2010 -0500

    Update the man page of ipsec.conf to reflect the change for sareftrack= which now defaults to yes

commit 35ad2f2818b2b768a289eaa57db95637c727079a
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Nov 22 19:34:28 2010 -0500

    Revert "Make the file descriptors const as they are not reused."
    
    This reverts commit a0feb2f47da3d7acd4b29924d0c40325d8f8f604.
    
    Conflicts:
    
    	lib/libopenswan/certload.c

commit cf1d2159a5c0eba1f28881986e32b9b0a8ccb5c5
Merge: b05f39f d7ecd23
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Nov 22 17:26:37 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit d7ecd23df4ff1ba14b8640e2f24c0de083943b75
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 22 17:14:56 2010 -0500

    fix type of bytes to size_t

commit 37a218d5d6ceb33a634ea5018d5b0cf59f63e0ee
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 22 17:11:47 2010 -0500

    missing ;

commit b05f39fde978d3c6a206461beeb9a66568d42c07
Merge: 8c5e50a d3a5279
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Nov 22 17:11:19 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 8c5e50ac8fca7a23de6a319f19759f3c54b0b710
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Nov 22 17:11:15 2010 -0500

    Fix printf format.

commit d3a5279108f4819ef7e15fc7075adb5018db8628
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 22 17:10:03 2010 -0500

    Warn if bytes from cert blob read is not what we expected.

commit e10b92d701557d3686526c82dac5643c410b70c5
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 22 17:09:54 2010 -0500

    remove temp marker

commit 344e8a62565be75ada382cf3d39a57b10dea85b5
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 22 17:00:25 2010 -0500

    updated changes

commit e9556509c43eef0049f6776612a59a3b97f071ea
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 22 16:59:21 2010 -0500

    Set sareftrack=yes as the default policy (unused on non-mast stack)

commit 14cb6dacbd8449a872fc8e1838173d988e6a838b
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 22 16:55:22 2010 -0500

    swap two declarations (putting one with initialiser last)

commit 3ed28c10bfb832922fb7c50916f22a27ffcf5972
Merge: b8889cf 60f0d7b
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 22 16:49:08 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit b8889cf4aaca5a6eafeed97589aaa144da4142f1
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 22 16:48:56 2010 -0500

    updated changes

commit 60f0d7b45852b5035e31b4d37d82eda31248feb5
Merge: a0feb2f b905b75
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Nov 22 16:45:23 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit a0feb2f47da3d7acd4b29924d0c40325d8f8f604
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Nov 22 16:45:17 2010 -0500

    Make the file descriptors const as they are not reused.

commit 9a3355c0598e254f2497f79acedbb65a9d8224c6
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 22 16:44:53 2010 -0500

    When AUTH fails (PSK or RSA) return STF_FATAL instead of STF_FAIL in IKEv2.
    This deletes the current state/cookies. Without this, in IKEv2 we would try
    to rehash_state() on the next retransmit packet from the remote and crash.
    
    There might be a better fix, though I'm not sure why we should keep the
    state object when AUTH has failed. The connection will not repair itself
    
    (though we might end up redoing the same to delete the same, causing more work?)

commit d524491b503eca2a1b9f2c2eec8cb958ab249185
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Nov 22 16:40:14 2010 -0500

    Fix printf format arguments.

commit e6cb2455ed3dd1b41828285522d785389d3b82f6
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Nov 22 16:05:55 2010 -0500

    Change echo -e to printf to remove a bashism in postinst script

commit b905b750358b65c3fdf0ea597f5e638b26034714
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 22 15:05:12 2010 -0500

    Make the id->id_vname clone string names unique.

commit ea014fa3cfc9c7609b91a4e0fd7c4161a5ffab3c
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Nov 22 13:31:58 2010 -0500

    Fix printf arg: "0" is not a valid flag for %p

commit eb1d14b97d1ef5fcae4e272879d70df722282cc4
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 22 12:32:02 2010 -0500

    updated changes

commit f2f9cbf6687d92fff76e0e5067ed13c085df23f4
Merge: a698f38 5accd71
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 22 11:34:06 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit a698f384a12d66ebf3273ddd549da08fa9174f29
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 22 11:33:17 2010 -0500

    Ensure the mast0 device is up, now that we no longer call "ifconfig"
    in kernel_mast.c since it no longer requires setting an IP address.

commit 5accd71761b687bd2c0f5a20c6003331e54c0e29
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Nov 22 11:23:43 2010 -0500

    Fix printf format arguments.

commit f5144b7e498e3006e7a9542263abc2636c407fe7
Merge: 10e666f 53d75d7
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Nov 22 10:43:33 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 10e666f9d6f4a0621db11c660a5dd04437c80fed
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Nov 22 10:43:20 2010 -0500

    Add a missing then in _startklips

commit 53d75d7c9dc6b77afac312c30a190fc7f3ec8664
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 22 10:38:36 2010 -0500

    Do not configure an IP address for mast interface. We route into it
    using the route 50 table from the main routing table.

commit 65cd43530a47aeb8ac782d54678f2e54cb2ec2c6
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Nov 22 09:07:53 2010 -0500

    Do not link the builds for Debian against lber as USE_LDAP=false (default)

commit 1d2d32ed158dceebd8d29030cbb9b4a619821814
Author: Simon Deziel <simon at xelerance.com>
Date:   Sat Nov 20 15:51:37 2010 -0500

    Remove useless virtual interfaces in reverse order.

commit 693ecb745d33935a980b3cc1b2dcce6f682956c1
Merge: 63ee302 218dc3d
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Sat Nov 20 21:35:18 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 218dc3d65ded02257e12c726f01c0d186f941c9f
Author: Simon Deziel <simon at xelerance.com>
Date:   Fri Nov 19 14:26:59 2010 -0500

    Remove all ipsecX when protostack=mast

commit 7a6cc9e9f2a4692f1e5da7c78b52fa2f32ced38b
Author: Simon Deziel <simon at xelerance.com>
Date:   Fri Nov 19 13:46:26 2010 -0500

    Cleaner removal of the "secondary" keyword that was used to create ip aliases on virtual interfaces

commit ac11f13e3bc9ed6b3414354cc36cc1b5cfde281f
Author: Simon Deziel <simon at xelerance.com>
Date:   Fri Nov 19 13:36:57 2010 -0500

    Remove "secondary" keyword that was used to create ip aliases on virtual interfaces

commit fb30cbd32eaa3d04eee575f8ac538c86068da020
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 19 12:46:23 2010 -0500

    updated changes

commit f98730ef732fa025b652534c5b2f01181a1f3f35
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 19 12:42:24 2010 -0500

    KLIPS: Better interface handling in _startklips
    
    Some code assumed ipsecX already existed. This might not be true anymore
    in the near future (and was never true for ipsecX > 2)
    
    We now tncfg --delete mast0 if we use protostack=klips
    We now tncfg --delete ipsecX if we use protostack=mast
    
    This should reduce clutter of unused interfaces.
    
    Note that currently, ipsec0 cannot be deleted. This will get fixed soon.
    Perhaps the code needs at least one of ipsecX or mastX for safety reasons
    on handling /proc/net/ipsec/ files. If so, the module init code will have
    to ensure we always have one type of virtual interface set.

commit 63ee302c2cacc7ed40a285f80c3ec6790ff616a5
Merge: c32a029 4d65a79
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Nov 19 15:19:53 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 4d65a7946824b24a92515289ff691cc30a6f0306
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 18 23:19:00 2010 -0500

    updated CHANGES

commit a57c494aa76395ffdcbfb3c30fedc9664659e81b
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 18 23:11:08 2010 -0500

    updated changes

commit e31f38dcfd1bfabee26c7348c5d8edad59fe9624
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 18 23:09:53 2010 -0500

    Added pluto option --impair-shared-phase1 which causes pluto to never
    share a phase1 with multiple tunnels. This is used for benchmarking and
    stress testing

commit ccb855a7e81e1a5fcb23500e89c442948d974f97
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon Oct 25 11:26:25 2010 -0400

    avoid routes towards virtual ipsecN interface
    
    The issue was discovered by Roel van Meer, who provided the original patch.
    
    * Roel van Meer writes:
    > When openswan is used with klips, it creates a virtual device at
    > startup. The virtual device is associated with a physical device and
    > the ip addresses present on the physical device are also assigned to
    > the virtual device. By assigning these ip addresses to the virtual
    > device with the same netmasks as they have on the physical device,
    > routes for locally connected networks are created through the virtual
    > device. In most setups, these routes are never used, since the route
    > through the physical device takes precedence because it was installed
    > earlier.
    >
    > However, in some setups, the route through the virtual device would
    > take precedence, breaking connectivity to these networks. This happens
    > with Ubuntu 10.04, which has non-zero-metric routes and when using
    > Julian Anastasov's routing patches.
    >
    > Avoid creating these routes by assigning ip addresses to the virtual device
    > with a netmask of /32 (for ipv4) or /128 (for ipv6).
    >
    > This also means the ubuntu route metric fix is no longer necessary.
    
    Signed-off-by: Bart Trojanowski <bart at jukie.net>

commit 84d22b9c1f9922a3981350e0d912dddb2ebfbc59
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon Oct 25 11:24:24 2010 -0400

    fix interface parsing in getinterfaceinfo()
    
    - otheraddr needs to be returned even if empty (thanks Roel van Meer),
    - return type as before IPv6 port

commit c32a029f3d105ff458ab30244c9132f3b4c912d5
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Nov 18 22:44:49 2010 +1000

    Compilation with CONFIG_IPV6 undefined
    
    Make sure it still builds for kernels with IPV6 support disabled.

commit b1e438f2a08fbe2e64c6c785382bee30707b50e3
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Nov 18 21:51:05 2010 +1000

    Switch to normal C style comments

commit 774711b34376aa827c2efce936ee98be2acb7967
Merge: 3408e36 e1541a1
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Nov 18 21:50:07 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 3408e36fa4c895286e0a0bbefe537f39c130b6bd
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Nov 18 21:48:12 2010 +1000

    Fix args to inet_addrtot
    
    Compiler warnings due to incorrect args passed to inet_addrtot.

commit e1541a10548cdcd65a6d6c699bf895a12fd9e31d
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Nov 17 10:20:43 2010 -0500

    updated changes

commit f1fa738e3a5530a1b6972407e138043e4dddf301
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Wed Nov 17 10:17:00 2010 -0500

    This is related to redhat bz #646718, which is related to interop issue
    between Openswan and Racoon2 in transport mode.
    This patch has been tested by redhat QE. It specifically checks all
    received notifications to determine the presence of USE_TRANSPORT_MODE
    as there may be multiple notifications, and USE_TRANSPORT_MODE may be
    or may not be the first one.

commit f100262e4e9739789be5dca298fed437d8b3378b
Merge: b19ed5a d57e51f
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Nov 17 08:59:33 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit b19ed5a79d0957fb50ac939559860d287cf762da
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Nov 17 08:58:08 2010 -0500

    Support ipsec10 (or mast10) and higher in the interface="ipsec10=eth10"

commit 4cc750be24f5a90f6eb782a40d32651dc211d107
Merge: e6c8167 d57e51f
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Wed Nov 17 10:33:56 2010 +1000

    Merge branch 'master' into klips-ipv6

commit d57e51f66f61bc78460cc799d0558be8892aa3b8
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 16 10:58:19 2010 -0500

    added comment

commit 4ac19dbe595eb2317a5b7a3b6f77610f31070718
Merge: 78428c2 0768ab8
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 16 10:51:14 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 78428c288d602f0b8d778441b4ff4d9c8b0841dc
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 16 10:50:54 2010 -0500

    updated changes

commit 2358dcf5f324a819fb1c19da92befbd5a2823816
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 16 10:47:22 2010 -0500

    Log and ignore IKEv1 private notification type 40001 for Netscreen.
    (payload contains the internal IP address)
    
    Fortunately, the FreeS/WAN forefathers were strict about proprietary
    extensions - rejecting unknown extensions is the way we get to know
    about them in case we need to add any (non-IETF) interop code.
    
    Patch by Andreas Steffen and Daniel Fritz

commit e6c8167e0a533224784f054fdad08635ceb7c834
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Tue Nov 16 16:22:26 2010 +1000

    Fix string compare, == won't do it
    
    Also fixes a compiler warning.

commit 0768ab88228e92470af7163db0587d2e69466bfe
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Nov 15 14:50:10 2010 -0500

    Fix the duplicate help about tncfg --attach

commit e2b6d04c80947c0f692d9e18656cda7b9262b6a3
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Mon Nov 15 22:01:28 2010 +1000

    netkey interop with IPv6 and IPCOMP
    
    Tested all combinations of IPCOMP/IPv4/IPv6 against netkey,
    everything tests out ok with large and small packets.

commit cb2814674bd4ce8b4d8d9f84cdb857b94286332b
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Nov 12 20:16:41 2010 +1000

    Fix up OCF ipcomp for ipv4 packets
    
    Fix up a mis-merge from cfbb62e7dc1bdd67dbabb77557739c87beb8f13b

commit 9fd563586d9fb16391bd5b24189d5b57d0a20c7d
Merge: cfbb62e 4bbd87a
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Nov 12 14:04:33 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 4bbd87a36ef47cd677a04d676e11a5cb86fc395f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 11 21:49:38 2010 -0500

    Move some initialisation code around to work on older compilers.

commit 1cb0652942a2e803c9322804fe5ca204856155ba
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 11 18:26:18 2010 -0500

    David's nicer patch for compilers with no PRINTF_LIKE(x)

commit 896a7049cdea8b0ff3967ac860da124ccef3da61
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 11 18:18:50 2010 -0500

    David's patch for compiling on older 2.4.x kernels that have no moduleparam.h

commit cfbb62e7dc1bdd67dbabb77557739c87beb8f13b
Merge: 4960e5b ab0f51b
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Nov 11 15:14:15 2010 +1000

    Merge branch 'master' into klips-ipv6
    
    Conflicts:
    	linux/net/ipsec/ipsec_ocf.c

commit ab0f51bdc4c3631c7c942cd327f9db67d2a3d018
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Nov 11 14:57:26 2010 +1000

    Fix up usage of crp_olen as returned from ocf
    
    Fix up use of crp_olen for the returned length of operations. Add some
    useful debug to OCF's ipcomp handling.

commit 1937a90c4aa4946e7d717982805dc111f114e235
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 9 21:31:20 2010 -0500

    Allow asymmetrical protoport= lines when loading a connection.
    
    This is needed for situations like leftprotoport=tcp/80 rightprotoport=tcp/%any
    to support "http only" policies.

commit 4960e5b4513aa385634bb608edd04a0009e60a45
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 9 21:31:20 2010 -0500

    Allow asymmetrical protoport= lines when loading a connection.
    
    This is needed for situations like leftprotoport=tcp/80 rightprotoport=tcp/%any
    to support "http only" policies.

commit 056cac0a186daabc302efe7415b24004a2af1d70
Merge: 8de7928 140962d
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Mon Nov 8 14:50:55 2010 +1000

    Merge branch 'master' into klips-ipv6
    
    Conflicts:
    	linux/net/ipsec/ipsec_ocf.c
    	linux/net/ipsec/ipsec_xmit.c

commit 140962d2fbe99bfc6bec549a0337c36274a622d0
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Nov 5 16:41:17 2010 +1000

    Allow LZS compression to be selected
    
    This is at kernel level support only,  pluto would need more changes
    to be able to select/negotiate LZS.

commit 288158a1d09c422181cdaed12a642ffb01566ddc
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Nov 5 16:34:08 2010 +1000

    OCF accelerated IPCOMP support
    
    These changes allow ipcomp to use OCF based HW acceleration.
    
    Currently the uncompressed data is saved in case of error so that it can be
    sent uncompressed in that case.

commit 8de792887507bdc3e3cab9516c9fd74c2f30ba8f
Merge: cd4e4ae 75ed381
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Nov 5 16:31:25 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 75ed38199b900d0e90c0548792c9ee78f566233d
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Nov 5 16:25:12 2010 +1000

    Rename IPCOMP_DEFLAT to IPCOMP_DEFLATE
    
    Rename IPCOMP_DEFLAT to IPCOMP_DEFLATE to match the names in ipsec_policy.h

commit cb435402026c40d2a459a8854fb32f6f46cc8797
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Nov 5 16:21:22 2010 +1000

    Add IPCOMP_NONE to match ipsec_xfrom.h defs

commit 1da8410c3d49ec4f3ebb540cdc665bd9c57e1403
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Nov 5 16:16:53 2010 +1000

    %pI4 not supported by standard sprintf
    
    so expand out the old NIPQUAD options to get useful output in the testing
    code.

commit cd4e4aec1e546631313bf3e0a75f74e13bd14421
Merge: c4a1960 ce114c5
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Nov 4 21:20:30 2010 +1000

    Merge branch 'master' into klips-ipv6

commit ce114c555cb956e0411619e509a0eda64fbb4a17
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Nov 4 21:10:09 2010 +1000

    Remove last bits of NIPQUAD and friends
    
    Follow Harald's lead and get rid of NIPQUAD altogether.

commit c4a19605b8b080bb4a358b7a433b916ef4fb0ee9
Merge: ccdb0c7 b329af3
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Nov 4 16:38:31 2010 +1000

    Merge branch 'master' into klips-ipv6
    
    Conflicts:
    	linux/net/ipsec/ipsec_xmit.c

commit b329af3de7bd326036304f61a6d3c81c768247a0
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Nov 4 15:55:02 2010 +1000

    Handle heavy loads gracefully
    
    Under heavy loads (usually with HW crypto) openswan will exhaust
    its TX descriptors.
    
    Openswan was only stopping its queue once it was full and a further
    transmit was requested.  This was inducing a memory leak in the kernel.
    It is also not the accepted way to report an overly busy device.
    
    Clean this up to stop the Q as soon as we fill up.  This prevents the leak
    and plays nice with the kernel.

commit 20857a148793bf5215e98216902a3f76a3801f91
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Nov 4 15:31:03 2010 +1000

    Cleanup use of IPSEC_NUM_IF and IPSEC_NUM_IFMAX
    
    This was a bit of a mess with IPSEC_NUM_IF used when IPSEC_NUM_IFMAX was
    intended in a number of places.  Also a couple of bad edge cases where
    arrays could be indexed at IPSEC_NUM_IFMAX which is off the end.
    
    Get all the usage consistent and fix the bugs.
    
    As a side effect,  you can now configure ipsec4 with tncfg without having
    ipsec3 configured,  which seemed to be the intent,  but was not possible.
    
    /proc/net/ipsec_tncfg shows all configured devices now and not just those up
    to IPSEC_NUM_IF.  Which is traditionally less than IPSEC_NUM_IFMAX.

commit 4207d72af0540a17a92ffae5bd929d19346b57b4
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Nov 4 15:26:58 2010 +1000

    Allow you to configure IPSEC_NUM_IF
    
    Allow the user to configure IPSEC_NUM_IF via the CONFIG_KLIPS_IF_NUM
    option.  This is the number of ipsecX interfaces to create at init time.
    As before, more can still be created by the user with tncfg --create, up
    to IPSEC_NUM_IFMAX.

commit 943f283fd0e1d3aeaf751735e4de36ded209e55b
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Nov 4 14:51:31 2010 +1000

    print formats argument missing on new kernels
    
    Don't just ifdef the argument on new kernels or it will not match the fmt,
    include the appropriate new value :-)

commit 9276c6e3db2d4e452ea3646c8840a90f0a817306
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Nov 4 14:46:12 2010 +1000

    Updates for linux-2.6.36
    
    route dst and NIPQUAD/NIPQUAD_FMT changes in the new kernel
    me some more kversion changes are needed.

commit 34d16e6d6e3a325d4a72e539e3ec4a47e19f3b07
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Nov 4 14:36:31 2010 +1000

    update to latest OCF cryptodev.h

commit ccdb0c7811da91404ac2d48e990d87ba2fab7a7d
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Nov 4 13:53:22 2010 +1000

    Post merge from master fixup
    
    The changes from 0b02a5ab6fadcdabe33b295c95e581f7a505d326 did not come
    across completely in the merge.  Fix that up now.

commit 3245451edb1389886acb706d4a0bfce268027180
Merge: 13c9381 b7e63fc
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Nov 4 13:47:56 2010 +1000

    Merge branch 'master' into klips-ipv6
    
    Conflicts:
    	linux/net/ipsec/ipsec_tunnel.c

commit b7e63fc98e5db495f9ba6fbf3eec4ea773daff12
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Nov 3 15:07:07 2010 -0400

    Add a proper Default-Start for Debian packaging

commit b62537a790e9bfee46fdd078e2b6b7a95d680af5
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Tue Nov 2 07:50:07 2010 +0100

    fix internal manpage number to comply with external one

commit d39cd607d920d26a623a82be19483fa7b0842fac
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Mon Nov 1 13:44:45 2010 +0100

    fix little xml/manpage naming issue

commit 204e3d99484267fc8b2016ec31381f7453d58707
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Sun Oct 31 23:05:47 2010 +0100

    modified manpages for doclifter compliance and used them to produce xml files
    (unintentionally reverting previous change)

commit 85adb2be418a23187421e76ce37f20b0a16d4c75
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Sun Oct 31 21:42:46 2010 +0100

    modified xml files to later produce better manpages (added ipsec_)

commit 65262a9c873e2d24ea0cb00d1734b101527d27ec
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Sun Oct 31 03:59:51 2010 +0100

    fixed some little manpage problems

commit 550e85477760307c2f81ca540b093efacca57674
Merge: a629afe 46a7b65
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Sat Oct 30 16:13:50 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 46a7b65f774590f69879b3d05fddf90e55bfb8c5
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 29 17:28:37 2010 -0400

    Set pluto_listen to NULL instead of "";
    This avoids the bogus error message when no listen= option is specified:
       | invalid listen= option ignored: empty string

commit 12d898847eaf58543d9f506971ff39e3be316f97
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 29 15:38:30 2010 -0400

    update changes

commit 2694109d3fc1a756c1ba9131db037d67761c9540
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 29 15:36:28 2010 -0400

    Added HAVE_NO_FORK?=false option to Makefile.inc. If set to true,
    this will force the --nofork option to pluto, and change the adns
    worker to use vfork() rather than fork()

commit a629afe077a23c465196aeb3dbed8c134a98ba80
Merge: 92dcf66 9cde00e
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Fri Oct 29 20:20:39 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 9cde00e2f54919b98044f3c4740a99df424a05a5
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Oct 29 15:59:22 2010 +1000

    Fix nommu workaround to set length to 0

commit d183e1f6231c58ba6b3e453ef087be6308e0f392
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 29 00:16:46 2010 -0400

    On __uClibc__ if init_adns cannot find /proc/self/exe, try to find
    lwresq without using a path. It seems some nommu kernels do not have
    /proc/self/exe.

commit 221442bc1df98f07d25bad5a15264f927122c5f9
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 28 23:53:55 2010 -0400

    updated changes

commit 16989a3d0849ae8bb71df396d7f76ab4d6a63c03
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 28 23:53:00 2010 -0400

    If pluto is started with --nofork, then also disable nhelpers
    This is needed for systems without the fork() system call.

commit dc49223c008cc2e4ad7307fe5d6f566a1ba7f61b
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Oct 27 23:11:28 2010 -0400

    Rewrite NIPQUAD() using %pI4 as the macro has been removed from 2.6.36

commit 92dcf66d2ab8c8230e160ae40d5566d6377e4026
Merge: 7904955 af3f3f5
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Oct 27 12:08:30 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit af3f3f5ac0fd25ae3d642265d0795400ed499fb2
Merge: 4d3fcc5 aa4337b
Author: Simon Deziel <simon at xelerance.com>
Date:   Tue Oct 26 16:12:49 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 4d3fcc5fd4e62ee33312448fd1bc8a2878a7b8d2
Author: Simon Deziel <simon at xelerance.com>
Date:   Tue Oct 26 14:01:44 2010 -0400

    Update the Lintian override file about long man page line

commit 7d94aeca6623fad25454955a559ec6e45ac6ab63
Author: Simon Deziel <simon at xelerance.com>
Date:   Tue Oct 26 13:57:53 2010 -0400

    Move the comment about the LSB header of the init as Lintian complains about it.

commit 0c60580633c361187d9894531881fd6681a8f5f2
Author: Simon Deziel <simon at xelerance.com>
Date:   Tue Oct 26 13:56:39 2010 -0400

    Fix Vcs-Git to make debcheckout happy

commit aa4337b77617ecb309ef184a731c65e31fcbc97f
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 26 12:46:52 2010 -0400

    Fix CROSSCOMPILE.sh doc

commit 74e38119e8ae1ad28500e641962398859eeb0ead
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 25 20:56:24 2010 -0400

    Fixup of previous pushed patch. I used an older version by mistake that
    had one error

commit 3fcc4a7c581c766dc36acb2dd3a3b3031b898e62
Merge: 7e34a6f 5c5e1d0
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 25 20:51:20 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 7e34a6fd309ebaae46a42fd0b0726c0f26fecc78
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 25 20:51:02 2010 -0400

    updated changes

commit 348239c29e4f4b84ca53a6b9b416a4cf3c82c1f1
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 25 20:47:47 2010 -0400

    Added COMPILER_HAS_NO_PRINTF_LIKE to work around using an arm-elf
    cross compiler that fails to use PRINTF_LIKE(x). This has no effect
    unless defined in USERCOMPILE (or CFLAGS)

commit 5c5e1d05b277e40d52ed8200eec647dd060ff98f
Merge: f62010e e04cf7f
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Oct 25 17:32:27 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit f62010eb2e5364fe51d49594b170193d7bfb5281
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Oct 25 17:30:47 2010 -0400

    Remove a bashism for a better Debian compatibility. Thanks to Harald Jenny.

commit 790495598a6d579152e99327f60b4a40f6e2942a
Merge: 200416a e04cf7f
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Mon Oct 25 22:21:36 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit e04cf7f246cb5a794b9830fa4aaacb8591b48eea
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 25 16:18:51 2010 -0400

    updated changes

commit bec648a46690cac1281b0fd8cb0373cbdce00839
Author: James Mead <james.mead at gofreerange.com>
Date:   Mon Oct 25 16:17:12 2010 -0400

    Bug #1160 init.d script not reporting correct exit status on parse error

commit 33db54019b482ec446c12e29760234fe149bc116
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Oct 23 13:15:48 2010 -0400

    updated changes

commit 0b02a5ab6fadcdabe33b295c95e581f7a505d326
Author: Wolfgang Nothdurft <wolfgang at linogate.de>
Date:   Sat Oct 23 13:12:39 2010 -0400

    Fix for https://bugs.openswan.org/issues/1095
    
    When local esp or ah packets are marked with iptables like:
    
    Chain OUTPUT (policy ACCEPT 5080 packets, 958K bytes)
     pkts bytes target     prot opt in     out     source               destination
     5080  958K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           MARK or 0x1
    
    packets will be rerouted due to the change of the mark in the OUTPUT
    chain. The packet appears again on the ipsec device and will be dropped
    with
    
    klips_debug:ipsec_xmit_encap_bundle: shunt SA of DROP or no eroute:
    dropping.
    
    I think there must be also an exception for local esp and ah packets
    in ipsec_tunnel_SAlookup (see patch) as for udp/500 and udp/4500. The
    problem concerns both versions 2.4 and 2.6.
    
    This was tested on kernel 2.6.22.19 and openswan 2.6.24 and openswan
    2.4.15.

commit 200416af1b4efd8643b6ba51094ab8df8e7eea47
Merge: f565faf 2964e05
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Sat Oct 23 09:27:41 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 2964e058347a1b8c2ef18ee40a36979943bef9a0
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 22 14:43:29 2010 -0400

    Fix missing brackets on saref=conntrack check

commit 5804e8391d89609d482b8d5ee130e38f2a728e15
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 22 13:34:44 2010 -0400

    Fix/workaround for https://bugzilla.redhat.com/show_bug.cgi?id=636572
    We pick the Fedora over the Debian interpretation, because we'd rather
    not start than start too often by accident

commit cf8bfa7710d824a68a1b3573d6eb0de15ed566b2
Merge: f39e73e a736ba2
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 22 12:17:52 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit a736ba293babf6706b75deaad5c69dfc32930b66
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Oct 22 11:44:51 2010 -0400

    fix a couple uninitialized variable errors

commit f39e73e5cd49dc75eb0dbb2a11047d0d6d8eb4aa
Merge: d627b9b bdd6181
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 21 15:06:30 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit d627b9b0fefaa5852b7662670aff384e260810b6
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 21 15:05:31 2010 -0400

    Rename cross-compiler.txt -> windows-cross-compile.txt, as it is
    different from generic cross compiling (as described in CROSSCOMPILE.sh)

commit b614dae2a05f5d2a40a8638ebe6c32ca4e0e2d5b
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 21 15:04:35 2010 -0400

    Move programs/pluto/routing.txt into docs/

commit f565fafd291bf7034e13b3e50e1b142676a056cb
Merge: ab66bf1 bdd6181
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Oct 20 22:24:53 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit bdd618100e0bbb08ce7bbf6717f353b6265ac4ca
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Oct 20 15:56:51 2010 -0400

    Remove RCSIDs

commit ab66bf1783c4514f39634db655d23c483f5f2aee
Merge: cf490ed 9ef10a1
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Oct 20 21:32:54 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 9ef10a1a98febbd0144ee2e7a42c74f6e3bed33b
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Wed Oct 20 14:04:26 2010 +1000

    IPv6/iproute2 changes from klips-ipv6 branch
    
    Bring in the iproute2 only version of this script from klips-ipv6.
    As a side effect,  all IPv4/IPv6 addresses will get added to ipsecX now.
    
    Also fix a small issue with the maxmetric stuff not ignoring errors
    and then going on to do things it shouldn't be.

commit 13c93818fd16275105abdd9b4a9d1af6cd42264f
Merge: 9ecb973 b8ba950
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Wed Oct 20 11:31:15 2010 +1000

    Merge branch 'klips-ipv6' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan into klips-ipv6
    
    Conflicts:
    	CHANGES
    	programs/pluto/Makefile.options

commit 9ecb97339ec07d1f75f70b811c3fed44efab58e4
Merge: c5cbfce 11dfbf8
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Wed Oct 20 10:49:51 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 11dfbf887846b1298dbccd7550bbd917037ee3af
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 19 17:43:31 2010 -0400

    fix merge of leak code with Simon

commit 89b2c9e5755de3235a9714d2eb38226204c29579
Merge: 114f311 b8fa29b
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 19 17:38:12 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 114f31165548de35872a06caeef2559e51b13d48
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 19 17:37:44 2010 -0400

    Change direct -DLEAK_DETECTIVE into USE_LEAK_DETECTIVE Makefile.inc option.

commit e21d91268c27e0f8869bcc75479f3112145b36d7
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 19 17:36:57 2010 -0400

    updated changes

commit b8fa29bc5ec6837e86316a847bef050374ffd537
Merge: f26d3cc 2f014c2
Author: Simon Deziel <simon at xelerance.com>
Date:   Tue Oct 19 17:29:12 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit f26d3cc6aa95f21edf48b9fa0a1798aab9788e75
Merge: b2a1d2f e98d7d4
Author: Simon Deziel <simon at xelerance.com>
Date:   Tue Oct 19 17:26:55 2010 -0400

    Fix git conflict

commit 2f014c22fe7c2a99c2b35cbe5b089323f94e6657
Merge: 0154bc8 e98d7d4
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 19 17:21:39 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan
    
    Conflicts:
    	CHANGES
    	programs/pluto/Makefile.options

commit 0154bc84d644c5b23c80fdf6378b75fa23339d5e
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 19 17:08:19 2010 -0400

    updated changes

commit 6fb84a212a9c286a135cf62e4f583565c874aedf
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 19 17:07:30 2010 -0400

    LEAK_DETECTIVE was still being activated in programs/pluto/Makefile.options

commit b8ba950678210a280733876f741d538494b3daa3
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 19 17:08:19 2010 -0400

    updated changes

commit e98d7d46ecdeb8d6380418828a3dac3e5481efcd
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Oct 20 00:07:43 2010 +0300

    Update changes.

commit 887236816973efca3f262840e05bfa18aa446d17
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 19 17:07:30 2010 -0400

    LEAK_DETECTIVE was still being activated in programs/pluto/Makefile.options

commit 92442a710a4e18f72405aa699575a2cfa1123c43
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Oct 20 00:06:19 2010 +0300

    Don't enable LEAK_DETECTIVE in pluto Makefile.options.

commit b2a1d2ffb7fd283c8cacb830682ec7bfb35cca39
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Oct 18 23:13:43 2010 -0400

    Properly enable/disable LEAK_DETECTIVE

commit 92e419543477fdd169e5f30bec411efccbf170f6
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Oct 18 21:13:35 2010 -0400

    Make debs generated from git to have a lower version than released ones

commit c5cbfce3b708a4fb2871113fab1400afcae13a9d
Merge: cd36eff 6b2067d
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Tue Oct 19 11:13:32 2010 +1000

    Merge branch 'master' into klips-ipv6

commit fee757fa4614cba9d61fd296187bee4c700dc7b9
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Oct 18 21:10:02 2010 -0400

    Fix an inversion in update-rc.d arguments order

commit 6b2067d3a2cc55eaa2d2ccd290591e7b53ea66dd
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Oct 18 19:57:07 2010 -0400

    Clean debconf DB on purge.

commit 1aa0e05728f5640f5d40e70cd302aad0e214a408
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Oct 18 19:56:33 2010 -0400

    Add a low priority question about autostarting Openswan at boot.

commit 200c29a3c2fe8cf3eed54ed901c12526ed23299b
Merge: 66badcf 4bd27c8
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 18 13:29:50 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 66badcf7df19f461215942ef6eae932810d092d1
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 18 13:29:38 2010 -0400

    updated changes

commit 4bd27c8e12298a422fb30573b6d409fe7015a552
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Oct 18 12:09:44 2010 -0400

    Fix a lintian override about man page long line

commit cf490ed35f5c149732179bf23eb4c36db4068bdd
Merge: f185bb9 97e25a6
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Mon Oct 18 18:00:17 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 97e25a65c4108d60aab5a2f85ce62c8e83f1a43c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 18 11:58:11 2010 -0400

    update changes

commit aaee5c6a8d101c99693b60986d13db6c809833e4
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 18 11:57:33 2010 -0400

    Fix for OCSP compile of commit 934ce6c9443832c

commit f185bb9a453b74b7a90148313bb183043e8219d7
Merge: e9392bb bf46e61
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Mon Oct 18 17:18:59 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit bf46e619e1cdbf088cdf524b19b76470df322408
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 18 11:00:06 2010 -0400

    updated changes

commit 3b9c3920b6e0ab6c79617e174429f2988e3176ce
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 18 10:20:02 2010 -0400

    updated changes

commit 4db1bd8f8ab90e4602918dcb610a7d1e8a154b1c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 18 10:18:43 2010 -0400

    disable LEAK_DETECTIVE. We found an issue with a double free that needs
    to be resolved before enabling it for everyone.

commit e9392bb7e52d3018bad8399e1c885bfc56919104
Merge: 5793de8 47f79f1
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Sat Oct 16 15:00:04 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 47f79f15e130b30d4565029419900a36610ff1ac
Author: Simon Deziel <simon at xelerance.com>
Date:   Fri Oct 15 20:20:17 2010 -0400

    Make the deb produced by openswan-modules-source arch-dependent

commit 5b884a844bb2b1c30f7be076beef7b16cbf2668e
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 14 23:04:54 2010 -0400

    left over merge marker in CROSSCOMPILE.sh

commit 1e85e61ff6ca9adee4c343c5363dbe55220e708d
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 14 22:26:44 2010 -0400

    update cross compile info for BLFT file format
    
    Conflicts:
    
    	CROSSCOMPILE.sh

commit 934ce6c9443832c6c2fa1a125f79712bf896b924
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 14 22:02:46 2010 -0400

    Split the DBG(DBG_CONTROL call in two calls, to avoid #ifdef's within the
    macro call. Some older arm compilers do not like this.

commit 3b54afdde683c8b477d754a3af0682cc7f4813d4
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 14 21:52:05 2010 -0400

    Example script for ARM cross compile

commit 323858f0835b328eb09ec62d0cd06b2f1f710906
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 14 21:44:27 2010 -0400

    remove rcs cruft

commit 8324468640c9d2d6e690eafab8d6aec1ac81d975
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 14 16:57:42 2010 -0400

    Enable LEAK_DETECTIVE per default.

commit 5793de8ea399b233ebb05db3df4a60778bb8bddb
Merge: 6d72efb 37645df
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Thu Oct 14 21:28:33 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 37645df66f2f2309ece4771bbbf6635153771102
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Oct 14 15:23:53 2010 -0400

    Update translation files. Thanks to Debian

commit 22f73bc4329c298088853a34ac6235ea4255a7db
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Oct 14 14:42:03 2010 -0400

    Remove unused template

commit e3a8fd303976a49e7ffa669e48007e7194e5f3a5
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Oct 14 14:05:11 2010 -0400

    Add some PHONY targets

commit 7a71a67f210b13cb90f0c737814edfa61dd687ea
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Oct 14 13:57:41 2010 -0400

    Update various packaging recipes after the /etc/rc.d links removal

commit 6d72efb1fd50a0707526860b35a1ad425e9557c8
Merge: e6dc6ab 3cde947
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Thu Oct 14 19:45:06 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 3cde9478e5c809c86b15e409a97d95c6b9a97010
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 14 13:41:33 2010 -0400

    updated changes

commit 17835b7549070266716d1d95adc6c4db29777fa9
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 14 13:39:53 2010 -0400

    no longer install all the rc.? directories and symlinks. These days
    distros have their own way of handling autostart, eg with chkconfig
    or similar tool.

commit e6dc6ab89eb7de616fecd45a31f3f931d1a23497
Merge: 7545c1e ef8a3de
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Thu Oct 14 18:58:50 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit ef8a3de5cbc4064681f22aadf85c4fe8b7c6215b
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 14 12:36:23 2010 -0400

    updated changes

commit e21a796076b732ce36746741fe8424054f9d6dc6
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 14 12:35:09 2010 -0400

    updated changes

commit a82afde71f5477dfb150183260c2c96ef75c731c
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 14 12:33:04 2010 -0400

    Don't try to fill in the traffic selector struct in the IKEv2 child SA
    if we did not receive them.

commit f17602d894c26f40b25df125000bcf8a8fa4a2a9
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 14 10:52:03 2010 -0400

    Put Andreas his last name in the README too.

commit 7545c1e9658b32abce7b0757a748e79eeecc15b2
Merge: e3d4c14 c8e9f73
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Thu Oct 14 11:55:11 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit cd36effbc1a2bd6af2c39781c589b6bbbc2a5165
Merge: 6ba3582 c8e9f73
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Oct 14 15:12:34 2010 +1000

    Merge branch 'master' into klips-ipv6

commit c8e9f73f8b817eae65721f64a328144d96478db3
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Oct 14 13:51:10 2010 +1000

    Incorporate suggestions from Paul

commit dbd02a9f7cddd903180528ec0c117096ba0b8cea
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 13 16:48:50 2010 -0400

    In report_leaks(), report the total number and size of leaks. Also log a
    message no leaks were found to make it easier to grep logs for leaks even
    if none were found.

commit d01e5cf53a0b4f7a90e085f709a574645f193a0b
Merge: 28383c6 3b3789f
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 13 16:22:11 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 28383c629c9c7b55f4cd2aa327f2c3b08d523016
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 13 16:21:41 2010 -0400

    Put the report_leaks() call back where it belongs

commit 1a31a4925451e149eb6e9bd6ae6b0009fe1dc425
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 13 16:19:11 2010 -0400

    Add commented out -DLEAK_DETECTIVE option to Makefile.inc's USERCOMPILE

commit e453c360df341d72b20457bf9f89bb3c83b26b3a
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 13 15:56:25 2010 -0400

    remove rcsid

commit 36ee1996a1d8f769a96412cd310e8f9c9300e9ca
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 13 13:45:02 2010 -0400

    Add target for sarefpatch.

commit 3b3789f6d0ed0b435206031eaf72d6c81c397b94
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Oct 13 11:22:32 2010 -0400

    Do not change the runlevels on updates

commit be031c0502016a7244a6bdcbeabef190558838df
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Oct 13 11:14:14 2010 -0400

    make modclean/moduleclean will autodetect the kernel version (2.4/2.6) like make module already did.

commit 917694e9a8533e79758be077daa7a1787ba379dd
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Wed Oct 13 22:23:45 2010 +1000

    Make README more up to date
    
    The README has been rotting for a while,  make it a little closer to
    current usage/info.

commit 2393db2b05e07613485b8601ffbbf8bda8df766c
Merge: 9337dfe a3fde3a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 12 19:45:26 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 9337dfecca6fe827bd30acf85bfa48c8e3d53669
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 12 19:43:09 2010 -0400

    Add -D to INSTBINFLAGS so it will properly create all directories in
    case they do not exist.

commit a3fde3ad0db086a57e7f2b3c213a851bd5b10b51
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Wed Oct 13 09:27:39 2010 +1000

    Stop multiple installs and fix NOINSTALL case
    
    Setup is a special case,  we do not want to install it like other programs.
    Use NOINSTALL=true so that only our local install target is used.
    
    Fix the local install target to make any directories it may need in case you
    are installing into a clean directory, i.e.,
    
    	make programs
    	make install DESTDIR=/tmp/some_test_dir

commit 666bccf365bacaae9b80db756a7c847d7d192ec5
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 12 15:50:14 2010 -0400

    updated changes

commit 46c375f6d743a825aff2e99733ec1fc823d181c2
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 12 15:49:40 2010 -0400

    Fix for #1151: The ipsec module is not removed by 'ipsec setup stop'

commit bfff7774cc91b3badb34ac09264a2c03e14d4f31
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 12 15:28:52 2010 -0400

    update changes

commit 2687a234ca9dc3cdbe8260c9c3983f2fa5fb5c23
Author: Wolfgang Nothdurft <wolfgang at linogate.de>
Date:   Tue Oct 12 15:26:57 2010 -0400

    In a mixed environment, with both windows 7 and windows xp, xp can't
    establish the l2tp over ipsec connection because of a missing route
    to the client.  When the xp client connects, pluto uses an empty NAT_OA
    and therefore the l2tp answer packets go right through the default route.
    
    Attached is a patch that ignores the empty NAT_OA.
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit e3d4c1462312c416732b578d5bea5d1f3087af99
Merge: 51d4562 8ae2f92
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Mon Oct 11 09:51:42 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 8ae2f925768b0204b2015854ede18c54be68009c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 11 01:04:29 2010 -0400

    Fix for libipsecconf crasher when there was an unexpected value for a known
    keyword that was rejected in the parser. The parser should not let this
    happen, but this at least avoids the assert() on addconn when one connection
    has a bad keyword, and the other connections will continue loading.
    
    (this happened with protoport=43 (eg missing "/0"))

commit 344583d6bbc5150fbb314114788fc44dda8418c5
Merge: 1f5b1ed f80d78a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 11 00:19:55 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 1f5b1ed557cf93de97e7870713d2fb050ddf22b6
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 11 00:13:34 2010 -0400

    Make ipsec addconn --configsetup more robust when broken conns are defined.
    
    ipsec addconn would read the entire configuration file, regardless of how
    it was called. When called with the --configsetup option, it should only
    read the "conn setup" and return. To do this, confread_load() now takes an
    additional bool parameter specifying if this is a "configsetup only" call.
    
    Apart from optimising the call, I found when looking at another bug
    that caused addconn to segfault reading a regular conn, that not only the
    conn, but the entire "config setup" section options were ignored. This
    was caused by the conn breaking "ipsec addconn --configsetup". One bad
    conn could therefore cause the entire "config setup" section to be ignored.
    (I noticed when the listen= option failing to take effect)

commit a503b2f846a87a6a7e77b76e24d98f6644c0b828
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 11 00:11:47 2010 -0400

    Fix listen= option when using NETKEY.
    
    The code I added was at the wrong location, because the inner for loop
    was actually left via an ugly goto statement, causing it to bypass the
    added IP address check for the listen= option.

commit 51d45629884d68a3fd8531f0bd8c24f5b9b47de0
Merge: 724cde1 f80d78a
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Sat Oct 9 13:50:34 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit f80d78af7d816d97445b514c706d291cd2a64d47
Merge: 3ed72b8 aea01b6
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 8 17:03:13 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan
    
    Conflicts:
    	CHANGES

commit 3ed72b87fc24528c415213773f0947beba3afaf3
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 8 17:02:47 2010 -0400

    updated changes

commit 5691d3121d9225b63bb25d8f5c44ea36f6a30b52
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 8 16:59:52 2010 -0400

    Fix for "handling event EVENT_RETRANSMIT for <invalid>"
    
    It seems when handle_timer_event() got refactored to add handle_next_timer_event(),
    and some events were also factored into their own functions (eg retransmit_v1_msg())
    that the setting of the peer variable was lost (and uninitialised variables for peer were
    added to retransmit_v1_msg() and retransmit_v2_msg()).
    
    Since these variables were only used once within debugging, they were done directly
    without assigning a peer variable. What's left in handle_timer_event() was an unused
    setting of the peer variable, which was removed.

commit 724cde1cd7644b02b69c4e9c9e15e3ed95df47c4
Merge: 264b1fa aea01b6
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Fri Oct 8 16:53:49 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 6ba3582272128514eabda2d05641b3c0b1e8d7ca
Merge: 42deeb7 aea01b6
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Oct 8 20:25:46 2010 +1000

    Merge branch 'master' into klips-ipv6

commit aea01b69b861aad45a290dd5e324ff1f0e8ad7d3
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 8 00:45:21 2010 -0400

    updated changes

commit 0501f2d37fbd4903968d397cac37f0ae3f0cda06
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 8 00:40:12 2010 -0400

    Fix for protoport=47 (no port specified in protoport=).
    
    We now set it to 0 if not specified, as that is what goes into the
    proposal.

commit c8792d81da975188937133ecb08edb18c5652974
Merge: 5b1b51d bf504d0
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Oct 7 19:50:43 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 5b1b51d2c285399c548fb66ec84545ca06199504
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Oct 7 18:45:58 2010 -0400

    Scalar are better accessed with []

commit e67f5322b4b25495af16596b29ef308cd5d26167
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Oct 7 18:45:15 2010 -0400

    Fix a typo

commit 264b1fa751580256b31671f4331be3dd33275ac2
Merge: cbdb0e0 bf504d0
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Thu Oct 7 22:34:57 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit bf504d0bf3b079638e92965a86251a36df39b4fb
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 7 16:14:39 2010 -0400

    remove report_leaks() in main mode. Report leaks assumed it is called
    in the end, after global cleanup, which is not what happens when this
    call was done (for each incoming new main mode packet)

commit f6bdb46f3d1c1253eb2a5d3a6d545347ad41bf6d
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Oct 7 15:18:54 2010 -0400

    Add /usr/sbin to PATH to find lsof when invoked with sudo on CentOS.

commit b1b3c06e8fd4ad4719f1d71cc54a52fab85352e5
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 7 15:16:42 2010 -0400

    Added duplicate CVE's to CHANGES

commit 2a3b365d7df291c4c49a6c0418cfeacdb9aed49d
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Oct 7 15:11:40 2010 -0400

    Test if binaries exist before trying to execute them

commit cbdb0e039c7b08b9180b1d402cf3422b33a41d3a
Merge: 2c65c3d 6c8851d
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Thu Oct 7 20:34:16 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 6c8851d45aac46ed1518cbb50ed18ca341dc6a9c
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Oct 7 13:48:41 2010 -0400

    Perl string comparison operator for equality is eq

commit b5d0d6b9a5d2582800e921cd2d57283cfa1a5025
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 7 13:33:05 2010 -0400

    Fix layout of IPsec SAref checks in "ipsec verify"

commit f7dff4e8f55ebb4a55ed296bd5acbc907673d307
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 7 12:49:50 2010 -0400

    Add a list and copy of all CVE's related to openswan.

commit 7a93474f156a11a0580fa96f58c2ad93f58f1373
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 6 18:38:26 2010 -0400

    We do not want to passert() on a bad option value. Turn into assert()

commit 32b473930d60bbcb23031baa8be7d258aa6ab9e6
Merge: fbb6d54 be492d5
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 6 18:24:00 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit fbb6d54fd67ec6f5433bd9998cdd9c4b2913cc05
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 6 18:17:53 2010 -0400

    Quickfix for /proc/net/ipsec/version to be world readable.
    
    This is strange. The mode we set for this file in the proc_dir_entry
    struct for "version" is (S_IFREG | S_IRUGO). We call all files to be
    created with create_proc_entry() which also uses a mode to pass along,
    which was always 0400. Perhaps the idea is that the kernel initialises
    it to the mode passed, but then uses the mode from the struct later on?
    
    However, that does not seem to happen. As far as I can tell, proc_dir_entry->mode
    is completely ignored.
    
    This quickfix changes the mode for our create_proc_entry() entry when
    the name passed to it as arg1 is "version". I don't like this workaround.

commit 2c65c3d197d3126f817430a5258bf84e2803d8a8
Merge: 348d828 be492d5
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Oct 6 21:40:02 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit be492d59d087183eb1aed7748f4d0447b3154df8
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Oct 6 15:35:59 2010 -0400

    Update lintian overrides after man rebuild

commit 348d828f18a22d99f0deda06ee24707b77932334
Merge: dcfba54 ac6d745
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Oct 6 21:29:49 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit ac6d7453141f3d2ea195cad5ffb60f878f30613a
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 6 15:16:20 2010 -0400

    add {?dist} to Release: version for fedora spec file

commit dcfba54b3e3e33a9a8eb21ff14c6b738b211b5f4
Merge: 2081237 aee123e
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Oct 6 20:39:50 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit aee123ec4207ad2e868224f0c627bdf9d19bfc8f
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 6 14:35:37 2010 -0400

    Regenerated man pages

commit 62c9580a6d4236a7ef3bd2128a9cc78cc891136f
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 6 13:41:59 2010 -0400

    generated man file

commit ff0e035fb9adc23ca190ffd53f3ecc9a2934a665
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 6 13:29:19 2010 -0400

    updated changes

commit e1638044730b2d5f8c2d39125a8e4c48e9b5bb4a
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 6 13:26:02 2010 -0400

    limit the vnet: check instantiation to CK_TEMPLATE only connections. It seemed
    in very busy cases (and possibly due to Win7 large modp group re-starting MI1)
    we could accidentally try to instantiate an instance.

commit 2081237e00dfafecadf1b3d9c9a3c261cf6bba56
Merge: 1f48eb2 390337f
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Oct 6 09:43:05 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 390337fd18bb3fec8c8a7a002812f2a4035b53c3
Author: Simon Deziel <simon at xelerance.com>
Date:   Tue Oct 5 19:40:37 2010 -0400

    Fix a typo, s/sareftrackging/sareftrack/ in configuration example

commit 1fa996b7cbc0b7b7cf083d9add62306c3dfbc69f
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 5 18:12:17 2010 -0400

    Added example configuration for using MAST with SAref tracking

commit d34ca1755740077d71895b15e2158863480f79d5
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 5 18:11:58 2010 -0400

    regenerated ipsec.conf.5 man page

commit caeb03f30f5ef8cfc549b4351249663ef65a3561
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 5 18:04:51 2010 -0400

    fix typos in sareftrack= man page entry.

commit f811b141e033bca58253617cb0493a84372cebf5
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 5 17:55:59 2010 -0400

    update changes

commit 0d56e9bcb50515cbbacbc91cd450ed97eee53810
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 5 17:52:48 2010 -0400

    Added sareftrack= conn option. This passes (via PLUTO_SAREF_TRACKING)
    the desired processing of SArefs for ip_conntrack/iptables. Valid
    values are "no" (default), "yes" and "conntrack". Currently only
    supported on the MAST stack (and _updown.mast)

commit 2711ba08800ebd9d8dfef4376e24a7030049ab18
Merge: 3727020 100a95b
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 5 17:20:52 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 100a95b2827180a67aa4382cf2deed86763c843f
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 5 17:19:58 2010 -0400

    updated changes

commit 093e81b5f43e34ec32e9886dfc4f0ab8e15618ff
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 5 17:18:14 2010 -0400

    sa_policy_bit_names was missing ModeConfig DNS and WINS bit names.

commit 3727020498b8570920f7ae8c9a0e9f04a4ca6e51
Merge: d2df430 2976a12
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 5 13:58:55 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 1f48eb25d0f4287953cb007d88af09daee578778
Merge: e5eed15 2976a12
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Tue Oct 5 19:43:22 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 42deeb70e0da50e8313a18749b307e35a6e023ee
Merge: cba4ae3 2976a12
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Tue Oct 5 16:17:23 2010 +1000

    Merge branch 'master' into klips-ipv6

commit cba4ae39a6c24d5666edcd8718397459fa663b62
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Tue Oct 5 15:41:46 2010 +1000

    Fixup mast changes from head for IPv6 and iproute2
    
    ignore errors when doing maxmetric check,  otherwise we try and run commands
    with bogus info when we should be doing nothing.
    
    convert getinterfaceinfo to use iproute2

commit 217aeb3e8728b9376d79f6d6347d4228a661f005
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Tue Oct 5 15:39:50 2010 +1000

    Add basic IPv6 updown support
    
    This seems to be enough to get simple tunnels running.
    See how it goes in the wild.

commit 2976a127b0788a9f9384942514b1de83889ac343
Merge: a1bd9ea a2ec7e7
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Oct 4 19:58:48 2010 -0400

    Merge branch 'HEAD'; commit 'a2ec7e7a84ddd08e92f0dd1994fcdd1ed0b34774'

commit a1bd9ea67f0518fbb33635638a0e966a1f8dc708
Merge: ab6bc8f 9f4dcc6
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Oct 4 19:58:40 2010 -0400

    Merge branch 'HEAD'; commit '9f4dcc631503e6bc3c0b383a24db2aa27207e0e8'

commit ab6bc8fcf090c9c2e9ad7b781b189d439966902c
Merge: be81168 734a770
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Oct 4 19:58:35 2010 -0400

    Merge branch 'HEAD'; commit '734a770a783b0b72afd4e6cdc668902f926e4b2d'

commit be8116884d4a9582966a7ec1cd6cf7ebd70b1837
Merge: 8c6142d 8612644
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Oct 4 19:58:29 2010 -0400

    Merge branch 'HEAD'; commit '8612644b3112371ba72f2f46bb0da5be1429aa04'

commit 8c6142d8d07aa10dc72ef723d1f83a3ef1d6826f
Merge: f252489 c15630c
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Oct 4 19:58:25 2010 -0400

    Merge branch 'HEAD'; commit 'c15630ccc2b49c662b8dde9f85446d91e812dc15'

commit f252489bfdfd229dd66065d005031d301bc0bd3f
Merge: 834abe7 6310a99
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Oct 4 19:58:16 2010 -0400

    Merge branch 'HEAD'; commit '6310a99bad5bac4c13d553da913682c7344ec86d'

commit 834abe7a0983e83da3dc2828b644725c638893ff
Merge: a3da783 13b35c1
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Oct 4 19:58:10 2010 -0400

    Merge branch 'HEAD'; commit '13b35c171fb9f219a7862d8eab7cfeb62e5598d7'

commit a3da7836c275084dbb5f82e9db0a615063e8dd77
Merge: d13593c d2697a0
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Oct 4 19:58:05 2010 -0400

    Merge branch 'HEAD'; commit 'd2697a0bdcd50f0d944b412db62e92a865314c5f'

commit d13593ccf44685ba7292f4cf63e8cc6da972d4f8
Merge: 4c81c8d d7adbfa
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Oct 4 19:57:53 2010 -0400

    Merge branch 'HEAD'; commit 'd7adbfaa4cc15b8919df4892a0a220e1490d1301'

commit e5eed15177e48e95392c376c1e2abb486ea973ce
Merge: 3f7c47f 4c81c8d
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Mon Oct 4 23:29:46 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 4c81c8d5017b890aee00c70c39ff7ba329b5f478
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 4 14:00:17 2010 -0400

    IPSECBASEVERSION got accidentally overwritten.

commit 6f19546e8932088c1dd8bad8a9a756c4b25e73d3
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 4 13:57:21 2010 -0400

    Add geode-aes to the list of crypto modules to load.

commit 34be68026593b79fa8ee28d9e7ed580058c874af
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 4 13:56:08 2010 -0400

    added --listen option to pluto man page

commit ea47c1bf29bd3aee05e874604bab621989b5ea2b
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 4 13:53:19 2010 -0400

    man page entry for listen= option.

commit 90df2399fb0b7254c458f46bb6c243658ed39eea
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 4 12:33:13 2010 -0400

    Fix oscp.c for HAVE_THREADS. Note the entire file should probably be
    ifdef'ed with HAVE_THREADS, since it fully depends on it. This compile
    broke by the DEBUG define changes, accidentally moving a time_t into a
    DEBUG only section.

commit 3f7c47faebc1eb19400b76453adbabcbf5033ed1
Merge: 131037b ed9cdec
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Mon Oct 4 14:45:58 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit b811e832a5850fa74cb02d09267ab26957887fae
Merge: 27b1877 ed9cdec
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Mon Oct 4 11:37:52 2010 +1000

    Merge branch 'master' into klips-ipv6
    
    Conflicts:
    	linux/net/ipsec/ipsec_sa.c
    	linux/net/ipsec/ipsec_xmit.c

commit 27b18776321417bc8e244d0b35a177f09ece7547
Merge: c4d6ee3 b0c3803
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Mon Oct 4 11:32:31 2010 +1000

    Merge branch 'master' into klips-ipv6
    
    Conflicts:
    	linux/net/ipsec/ipsec_mast.c
    	linux/net/ipsec/ipsec_proc.c
    	linux/net/ipsec/ipsec_rcv.c
    	programs/_startklips/_startklips.in

commit ed9cdec2ab8810c1aff94d454625fb68d125261f
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 1 18:30:10 2010 -0400

    We cannot xstrdup() an empty string. passert() to give us a nicer
    backtrace. This is caused by #1148

commit 131037bffc6b05441826e1e759f6e1e928e42b11
Merge: 9f8d6a9 a5b8d90
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Fri Oct 1 20:41:06 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit a5b8d909a3bf75096ee687e5b38e052acc07e555
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 1 14:34:08 2010 -0400

    Add --listen option for pluto and scripts. This allows listening to
    only 1 IP. This is a limited implementation. It does not support
    0.0.0.0/0 or multiple IP addresses.
    
    Note: --interface claims to support an ip address, but fails trying
    to do so.

commit 442427a1868d667b4f458f09a6a5abd95868b19a
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 1 14:33:33 2010 -0400

    Debug line was missing format arguments on xauthusername changing
    after filtering meta characters.

commit 9f8d6a970dfd0d196a2574b611623390fdeb4d7f
Merge: 1784794 75ee4b1
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Fri Oct 1 09:11:29 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit d2df430b69b7162a2a372f7869d91214fcca5c5c
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Sep 30 22:58:21 2010 -0400

    Remove two debugging lines.

commit 5e3ed4fec8d28d14ae47598717ff6b703f0fb614
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Sep 30 22:53:26 2010 -0400

    Move the -DGCC_LINT setting from programs/pluto/Makefile.options
    into Makefile.inc's USERCOMPILE. This way one can readily disable
    it (yet another arm cross compile issue:P)

commit 75ee4b10f2ce29b288cd18405247a989b5c9bfc4
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Sep 30 19:59:36 2010 -0400

    Allow version to be "2" or "2.0". Since we no longer support NUMBER (float) in
    our grammar, "2.0" is now a STRING. We also remove any checks that cause us to
    abort on the version. We've had version 2/2.0 since openswan-2.0.0 and our config
    file did go through some changes. This keyword was a bit overkill.

commit dd46e31126ec37dc6213a3202a8a832d123a20fd
Merge: 98c1c86 fa0d8da
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Sep 30 19:38:38 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit fa0d8dad4accc9c3a33b30ddefdb5b958ada4cba
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Sep 30 18:57:27 2010 -0400

    Remove some more RCSIDs

commit f1b6ab087f866e1ce43c95b225c654e9e99dd7fe
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Sep 30 18:34:27 2010 -0400

    Only check RHEL_RELEASE_CODE version when it is defined at all.

commit a2ec7e7a84ddd08e92f0dd1994fcdd1ed0b34774
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Sep 30 17:59:34 2010 -0400

    Fix fr.po to specify the language

commit 9f4dcc631503e6bc3c0b383a24db2aa27207e0e8
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Sep 30 17:54:03 2010 -0400

    Update the notice about USE_XAUTH flag.
    Sync compile flag of debian/rules with Makefile.inc

commit 19bf3359d0ef48f93c4816a53f3dc8834c4d7226
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Sep 30 17:51:13 2010 -0400

    fix XAUTH comment

commit 734a770a783b0b72afd4e6cdc668902f926e4b2d
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Sep 30 17:42:37 2010 -0400

    Remove the unused USE_BASH flag

commit 8612644b3112371ba72f2f46bb0da5be1429aa04
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Sep 30 17:40:37 2010 -0400

    Add some lintian-overrides

commit c15630ccc2b49c662b8dde9f85446d91e812dc15
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Sep 30 17:39:41 2010 -0400

    Fix line length for French translation.

commit 6310a99bad5bac4c13d553da913682c7344ec86d
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Sep 30 13:05:10 2010 -0400

    Make lintian happy with the debian/NEWS file

commit 13b35c171fb9f219a7862d8eab7cfeb62e5598d7
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Sep 30 13:04:28 2010 -0400

    Fix typo, s/preceeded/preceded/

commit d2697a0bdcd50f0d944b412db62e92a865314c5f
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Sep 30 11:31:29 2010 -0400

    Fix typo, s/seperated/separated/

commit d7adbfaa4cc15b8919df4892a0a220e1490d1301
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Sep 30 10:36:35 2010 -0400

    Fix typo, s/compatability/compatibility/

commit 98c1c869cb1b0ea22d48160440b35ce9b59d1658
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Sep 30 01:11:10 2010 -0400

    remove RCSID

commit a6aa70df46f0b48071523fc14ea927f200665e89
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Sep 30 01:09:32 2010 -0400

    Enable LEAK_DETECTIVE in non-release code per default.

commit cb38970434ef6923767b38464f6c0e75c9b01e6f
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Thu Sep 30 01:08:13 2010 -0400

    Fix for unused variable "ago" when netkey support is not enabled.

commit 7afb0abbabc28a6693d3b772ad41176460a4e257
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Thu Sep 30 01:07:01 2010 -0400

    Fix for use of double const modifier.

commit 336da8c6ada46f068aabd0834d0134496c9191b4
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Sep 30 00:59:01 2010 -0400

    Remove dependency on atof() which does not exist on all embedded libc's
    
    The ipsec.conf parser actually supported floats, but we have no keywords
    that can take floats. Via ascii -> float it got set to 0 anyway, instead
    of producing an error (for say keyingtries=4.5). This resolves an issue
    on an arm cross compile where the libc implementation does not have atof()
    
    Not yet fixed is the use of int instead of long for integer values. Since
    all values are converted internally to seconds, this means we cannot
    have more than a salifetime/lifetime of 0.3 days (32768 seconds)

commit d17d1bf4e035fa81264e53678e330db218576ccc
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 28 17:16:07 2010 -0400

    Added example for arm cross compile use of USERCOMPILE

commit d64f1331be5d126c19ed5824a60f016f5deab30f
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 28 13:02:09 2010 -0400

    remove spigrp_c_version

commit f52e069cb10c5218669f795bc1d399aa11fd786a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 28 13:00:44 2010 -0400

    Remove klipsdebug_c_version variable and replace freeswan -> openswan

commit a1992b7ab58cade1f65afb1c7c56d798c3301a56
Merge: 0e0eeb0 91f2dce
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 28 12:57:56 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 91f2dce89fac3706f75fa829575bd4906c96a71e
Author: Simon Deziel <simon at xelerance.com>
Date:   Tue Sep 28 12:03:42 2010 -0400

    Remove some unused variables and rcsid.

commit 0e0eeb0504bc2c12ffdf52d30e0e6384c3e0da48
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Sep 27 19:03:27 2010 -0400

    When no CISCO parameters were sent, we were accidentally sending a non-zero
    string as value to the shell, possibly confusing the updown script, eg:
    
    PLUTO_CISCO_DNS_INFO='(null)'

commit ec31515de2d3a8fcde45aef0c59422494b4fece3
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Sep 27 18:46:30 2010 -0400

    The rewrite of the impossible() call at commit 6c6bfaab0e did not work.
    I rewrote it to simply show what it means, which I understood to mean,
    there is no ESP/AH/IPCOMP transform found.

commit e6bc008af5ee35e09540a9e76346fdf04302c5a4
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Sep 27 18:08:09 2010 -0400

    Log the enum_name() of the kind of secret, instead of the decimal number.
    (though we can only get here if the type is PPK_PSK)

commit 573cb103ad2f996fda2b882f58dc09f977021adf
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Sep 27 18:07:04 2010 -0400

    Add missing cause for XAUTH lookup, though we should never reach it.

commit ed01cb590584cfa66cbd0c816ae7d35db5cbee92
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Sep 27 11:05:40 2010 -0400

    Don't redefine linux if it was already defined, as -Wall will then
    abort on the warning.

commit 2a2194206b71a6d7ffd3dd4ae80290fb2f639d67
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Sep 27 10:01:37 2010 -0400

    Remove USE_OE leftovers

commit 178479477e96950f401c16f607441abdee362483
Merge: 409068c 5e272aa
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Mon Sep 27 07:13:28 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 5e272aa26a70cb3efcf1e27750a493c8277ec32a
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Sep 26 22:12:13 2010 -0400

    The ipsec showdefaults gave a weird error that it could not "find" the
    pluto.info file, because it also tests for non-zero using "test -s".
    I extended the test to give a better clarification of the error.

commit 3cfc3686c4798bf4bda53474c15aa6a89c1fcfda
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Sep 26 22:02:08 2010 -0400

    IPSECKEY: ensure ns_t_ipseckey is defined for older arpa/nameser.h versions

commit 8c36f7ae4cc4c81f42b0471d37401c1cf8731fd5
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Sep 26 22:00:55 2010 -0400

    Remove rcsid

commit 183225034607bfc26fdb920d90b993aba701dae2
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Sep 26 21:59:50 2010 -0400

    Remove old cvs id.

commit db4d53afa8c29e49f230e804c439b1d0b634ea70
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Sep 26 21:57:16 2010 -0400

    CROSS: some old arm cross compiler lacked defines
    
    It had neither _POSIX_HOST_NAME_MAX nor HOST_NAME_MAX.
    In such case, fallback to setting it to 255.
    
    It also did not define "linux", but "__linux__". We now always set
    "linux" in the linux sysdep file.

commit 960c81a292845335c3eb1adae2b96a316a54e870
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Sep 26 13:42:23 2010 -0400

    OE_FLAG is an obsoleted unused flag.

commit 135f0dd92fccfe3de37e0346507b481f7bfd519b
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Sep 26 13:41:44 2010 -0400

    OE_FLAGS is no longer used anywhere, so USE_OE which only sets that
    flag is also obsolete.

commit 9e52dec49c731e8aecaa7f336916e505513d32d1
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 24 18:17:27 2010 -0400

    Split a macro in two, because at least one older cross compiler complained
    about:
    
    programs/pluto/connections.c:1456:1: directives may not be used inside
    a macro argument
    
    There was some #if 0 code there. I split up the macro call in two,
    as I wanted to leave the #if 0 code there.

commit 07cd1cddb68e38f26817b93dfe9c56eff5e0c7fc
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 24 13:12:41 2010 -0400

    Some linux builds (currently a cross compile of kernel 2.4.20 on an ARM)
    seem to not have "linux" defined but "__linux__". This interferes with
    our code checks that have to check whether they are being compiled as part
    of the kernel or userland.

commit b848645e32c713554e796cef066630f4d9ddd892
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 24 12:57:25 2010 -0400

    remove unused pfkey_v2_build_c_version[]

commit c1e43a2dc2f46d030f10950f1ffdac6e9755a48d
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 24 12:52:09 2010 -0400

    bogus variable name when using 2.4 kernels without HAVE_NETDEV_PRIV.
    It tried to set dev->priv to "priv_net" instead of "priv_dev"

commit 409068c3f115187b680f96b63ff3cf15f63f7d74
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Fri Sep 24 18:43:05 2010 +0200

    fix manpage errors (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595809)

commit dd5c1a87f7032a00422135d14e1f1247b38a40c8
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 24 01:16:26 2010 -0400

    Check for CONFIG_COMPAT_NET_DEV_OPS (from openwrt patch)

commit 595ad8bea81d8170eb476262be72ec522da98cf5
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Sep 22 11:46:55 2010 -0400

    commit e9c8e57ede76 accidentally enabled USE_LWRES. Disabled again.

commit 0ad74920fbe0d92f0df89cf6d085e1e64473d4c3
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Sep 22 00:01:00 2010 -0400

    add duplicate bug#

commit 634ff56c0a0ff4707415a441220b8aaaf22d4ef6
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 22:44:36 2010 -0400

    The 2.6.29 tag will likely be cut at commitid a8db8204c.
    Log all newer commits/changes entries to a new 2.6.30 entry.

commit e9c8e57ede76d09a596b1a12e9d17730a4d3a6d6
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 22:38:44 2010 -0400

    Increased PAYLIMIT from 20 to 30. This is an arbitrary value.
    (Let's hope everyone can do jumbo frames, yes :)

commit 1390f2ecd7527f7a41df2166dda5d0116e344b50
Author: root <root at bofh.xelerance.com>
Date:   Tue Sep 21 22:19:52 2010 -0400

    update changes (moved two misplaced entries and added a new one)

commit 3cdcbc1dd2bf481c294b097114ded1b1dae6ed14
Author: root <root at bofh.xelerance.com>
Date:   Tue Sep 21 22:16:12 2010 -0400

    usage() now displays accepted options and arguments.

commit 7feb11e346a3ed60b1548be2381e59bf115afba9
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 21:49:49 2010 -0400

    updated changes

commit 8d6d41f4a713813320d856ba229197b3eefb74c9
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 21:47:59 2010 -0400

    Bug #860 Port --random for newhostkey
    
    Note: newhostkey calls rsasigkey with arguments not in its man page

commit 44f11f7289549c712a46b6298ce75aea8799cbc7
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 21:29:17 2010 -0400

    updated changes

commit 34ecdcd8feecc1da52803cab9988dfb55eb14f44
Author: Mike <msh at ca.ibm.com>
Date:   Tue Sep 21 21:27:56 2010 -0400

    Bug #1005 Incorrect message "R_U_THERE_ACK has unexpected sequence number"
    
    Description
    
    There are several issues in the code that logs this message:
    
    if (!p1st->st_dpd_expectseqno && seqno != p1st->st_dpd_expectseqno) {
    
         loglog(RC_LOG_SERIOUS, "R_U_THERE_ACK has unexpected sequence number (expected: %u got: %u", seqno, p1st->st_dpd_expectseqno);
    
    "expected" and "got" are actually swapped, which makes this message
    misleading. Also this message is triggered only when st_dpd_expectseqno
    is zero, which as far as I understand means that the ACK response is
    not expected at all
    
    I have seen this message when the peer was slow and hasn't acknowledged
    R_U_THERE in time. This issue may be related to 0000996
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 275893fd39097a27bff36224fa9809d80f68641e
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 21:04:46 2010 -0400

    updated changes

commit 389a924c7bcbe7b94f1a2b3ae3f02facc9eddd10
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 21:03:24 2010 -0400

    update changes

commit 6261788f094ba2ea7ca2786adb85a86f5c3d1b02
Author: Michael Smith <msmith at cbnco.com>
Date:   Tue Sep 21 21:02:12 2010 -0400

    Bug #1054 Startup warning: "ignored obsolete keyword (null)"
    
    With forwardcontrol=yes, ipsec_starter logs a warning on startup with
    "(null)" instead of the name of the keyword. Patch attached (I just
    cribbed the right variable reference from the "conn" block handling
    further down the file).
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit a811024c5f0c103075c9ab79eb650276ce211e72
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 19:20:35 2010 -0400

    updated changes

commit b4692770f7583dc41127ef1f2778a4f54c49d8ac
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 19:19:58 2010 -0400

    Fix to compile without DEBUG (bug #1040)
    
    Note: sometimes there is a reliance on NO_DEBUG, so the safe way to actually
    disable DEBUG is to change -DDEBUG to -DNO_DEBUG.
    
    Mostly fixes to DBG macros, and moving variables inside the DBG macros.
    
    Since this touched so many files, I also updated the Copyrights on these
    as based on openswan-2 git history.

commit a879754ad149851b8243413cd838b7951164395a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 17:12:08 2010 -0400

    updated changes

commit 8837b440edb3693580d0c1801d3d24fe4a8eb296
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 16:31:23 2010 -0400

    When not compiling with DEBUG, we need to include stdlib.h for abort()
    in oswlog.h.

commit 6c6bfaab0e5e95310c6dfc1cf5c459ca243de0cc
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 16:17:48 2010 -0400

    change an if () impossible() call to a regular passert() call,
    required for working without DEBUG

commit 35b92f605f915ee9041a949f5abcae5a0927a134
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 16:05:24 2010 -0400

    A struct connection c was only used to assign and then passert()
    on the assignment. Likely a leftover when more was done.

commit 08f5ec40bc057a25241015f0506b679a52fe9b42
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 15:04:41 2010 -0400

    use ipsec_version_code() instead of old RCS based spi_c_version[]

commit 7fc30bd9999a34711d57075804fb018e2a2b958c
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 14:54:36 2010 -0400

    pexect() was not defined to 'nothing' when -DNO_DEBUG (or rather not
    -DDDEBUG) was set.

commit abe5582615fa9c66018fb8f5d044220ef4d4ef17
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 13:39:24 2010 -0400

    updated changes

commit f114db0aeae27fad744be12b3eb79780af6f91a0
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 13:32:13 2010 -0400

    remove trailing spaces in comment

commit 8c395d0bd7e9283c4189795dc8fecc0282c7399c
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 13:30:24 2010 -0400

    updated changes

commit 2187c3f40b1a22594204923b1fa9f21d74a09fca
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 13:29:29 2010 -0400

    A bunch of Makefile.inc variables could not be overridden properly.

commit 452ea3c2e8775f04c07cce80bcb28b86441aa87b
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 13:25:57 2010 -0400

    remove hardcoded -g compile flags from the ISC DNS libraries we use.

commit c3aabe9db71da860c6575abe59d1540309c85f59
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 13:22:04 2010 -0400

    updated changes

commit 5b53ac3b94d7f0fc638b31dbc254649aee392aeb
Author: Henry N <henrynmail-oswan at yahoo.de>
Date:   Tue Sep 21 13:20:05 2010 -0400

    Bug #115: Fix various warnings u_char * vs. char * for sscanf,strlen,strcpy
    unpack_txt_rdata: Fix warning "u_char *"

commit f5bca7c2e18ce2767ad69a2ea42ddd726cd28716
Author: Henry N <henrynmail-oswan at yahoo.de>
Date:   Tue Sep 21 13:18:04 2010 -0400

    Bug #115: Fix various warnings u_char * vs. char * for sscanf,strlen,strcpy
    asn1totime: Fix warning "u_char *" for sscanf

commit 0b1af88b37b0125e5b83e03a1fd4b38a2a075195
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 13:12:02 2010 -0400

    updated changes

commit 0860d1457e3a96632be1452d8e2b0aa93e18c7f3
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 13:07:58 2010 -0400

    Fix for warnings of unused variables "a" and "b" in
    compatible_overlapping_connections()  when KLIPS is not defined.
    
    This was done by adding .overlap_supported = FALSE to all non-mast
    supported kernel_ops structs.

commit f56adef2fb3ac27fe55059679d531cac6ec2f9eb
Author: Henry N <henrynmail-oswan at yahoo.de>
Date:   Tue Sep 21 13:07:02 2010 -0400

    Fix for bug #1112: Prototypes only, if function enabled in c-source with
                       KLIPS or PFKEY

commit f045e5fe4b259d7b45aef9da00d146f422f75bf6
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 21 00:05:20 2010 -0400

    Added back a CONFIG_KLIPS_DEBUG wrapper around a debug line in
    ipsec_sa_init()

commit 2442d0e2307d9d7a0985e1893d048c1b54292d6b
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Sep 20 21:12:12 2010 -0400

    Remove the MODECFG defines around the Cisco code for now, as to not
    make it more inconsistent.

commit cb41e44f122b2cacdde4453c5129c4b3667e0ee1
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Sep 20 20:30:06 2010 -0400

    updated changes

commit c86144ad44780fdfb78cfdc9fcb7344e65956eb2
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Sep 20 20:29:33 2010 -0400

    Add SAref checks to ipsec verify

commit 7c25097648a086c6d4760c35be8904498efbeca0
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Sep 20 20:12:22 2010 -0400

    fix indent

commit a8db8204cb6f585bfdb6c089f127b67d22adb504
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Sep 20 18:14:41 2010 -0400

    updated CHANGES with references to 2 CVE's

commit 5b9b0b5443445ce3bf62f87d88e81149749b555a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Sep 20 17:38:09 2010 -0400

    flowi mark fix for rhel5 based 2.6.18 kernels. KLIPS now compiles and
    works again on RHEL5 kernels.

commit 694b0811ecd6ac01e36f8ecc896387b4e7ef2cdd
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Mon Sep 20 10:29:26 2010 -0400

    Yup.  Fascinating that it didn't crash before since there ought to
    have been a dereferencing of a null pointer.  No, wait: only in the
    case of needle, not haystack.

commit 6752cb35463a7feddb019c114dd0eac1ef0a6e4c
Author: root <root at bofh.xelerance.com>
Date:   Mon Sep 20 00:49:37 2010 -0400

    Revert "Fix compiling klips for 2.6.18 based redhat kernel (they backported"
    
    This reverts commit 084b1e9bf0600bda4701d2461c273b9cae2d1e97.

commit 07ab2b28aea60b908728560a6097b6d8990e55a7
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Sep 20 00:33:35 2010 -0400

    updated changes

commit 084b1e9bf0600bda4701d2461c273b9cae2d1e97
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Sep 20 00:32:25 2010 -0400

    Fix compiling klips for 2.6.18 based redhat kernel (they backported
    the 2.6.20 nfmark -> mark change)

commit db56045e37de667f018406b2a81fce6a45a3d5d1
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Sep 19 15:03:49 2010 -0400

    updated changes

commit 877454be8cefbba4ab63ccaa06109e7d9ea127a5
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Sun Sep 19 15:01:18 2010 -0400

    Remainder of grubb-fixes.git.diff affecting files not mentioned in
    the email thread.

commit ddc92b1f8059bfdc4131fdc55c4d3d304567397a
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Sun Sep 19 15:00:23 2010 -0400

    | In programs/pluto/ocsp.c at line 61 is an array of 6 strings. In
    | ./programs/pluto/ocsp.h, it shows that STATUS_UNAUTHORIZED is 6. note that it
    | skips the number 4. So this means that at line 1342, it's potentially
    | dereferencing beyond the string array. I would suggest adding an empty string
    | for what used to be #4.
    
    Right.
    
    Fixed.

commit 615110de0098f9398024d8ab548fe5563c5086f0
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Sun Sep 19 15:00:02 2010 -0400

    | In programs/pluto/ikev1_aggr.c at line 1092 is a return, but at line 1093
    | cur_state is set to NULL. Are they out of order?
    
    I would have expected gcc to warn of that.
    
    They look to be out of order so I've reversed them.
    
    This code should never be executed so it probably never has been.

commit 49feceddec9c2f62408d92cebd68c48c45f03a45
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Sun Sep 19 14:59:09 2010 -0400

    | In programs/pluto/ike_alg.c at line 118, errbuf is assigned to errp. It is an
    | auto variable with a scope for just that function. Any use of that pointer
    | will be invalid for any callers.
    
    Yes.
    
    And the snprintf call seems to reflect a misunderstanding of the
    length parameter.
    
    And the return_on macro has flaws: references to parameters are not
    protected with parens; the ugly do while idiom is used, but with a
    semicolon at the end, defeating the purpose.  In each invocation, the
    first argument is "ret", so it would be clearer and simpler to wire it
    in.  In fact, the macro seems hardly worth the bother.
    
    The buffer needs to be allocated by the caller OR use the heap.
    There are two callers.
    
    One (spdb_v1_struct.c line 1142) ignores the returned value
    (immediately overwriting it).  So it should pass in NULL so that the
    value isn't returned.  (Perhaps it should not ignore the returned
    value.)
    
    I've allocated the buffer as an auto in the caller and passed it into
    ike_alg_enc_ok.

commit 5aead4fae24b07c7980eba95b0c8e04a5bcef3a3
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Sun Sep 19 14:57:29 2010 -0400

    | In programs/pluto/ikev2.c at line 807, agreed_time is checked to be non-zero.
    | At line 760 it was set to false and has not been changed. Therefore it never
    | enters the if statement's true path.
    
    Right.
    
    That code seems to have been copied and mutated from ikev1.c.  The
    mutation wasn't complete.  I'd deleted the dead code.  There is a
    slight chance that that isn't what was intended, but this will not
    cause a change from current behaviour.

commit 851f699b201c68e05fe8a5712360c3c1f36fde28
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Sun Sep 19 14:57:02 2010 -0400

    | In programs/pluto/ipsec_doi.c at line 514, there is an array of IDTOA_BUF
    | size. At line 516, len is checked for its size and if too big, set to
    | IDTOA_BUF. At line 519, this becomes idbuf[IDTOA_BUF]='\0'; which is 1 more
    | than the array should hold.
    
    Right.
    
    That code is confused.  It has more than one off-by-one error.
    
    It isn't even clear why it bothers to copy the value into the buffer.
    It is used only for logging, and an appropriate format effector would
    eliminate the need for the copy.
    
    Fixed.

commit 202e6e08fd1b17cbdd8a76925aea8f7c96f15412
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Sun Sep 19 14:56:28 2010 -0400

    | In programs/pluto/connections.c at line 637, the test for id_obrackets to be
    | non-NULL will always be true since it's initialized to an empty string. The test
    | is probably not needed.
    
    Right.  Deleted.
    
    | At line 830, cached_cert is checked to see if it's not 0. It's initialized to 0
    | and never changed. All use of that variable is suspect because it's never
    | changed anywhere.
    
    Agreed.
    
    Since there is no loop in this function and "cert" is an auto
    variable, it is hard to imagine how this could be a cache.
    
    I've removed this logic.

commit 96837fb61e5602d4c6984f6e3a920fcd79e3c92c
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Sun Sep 19 14:17:52 2010 -0400

    | In programs/showpolicy/showpolicy.c at line 185, cbuf is assigned to a
    | variable that is outside the scope of cbuf. At line 215, it's used after cbuf
    | is out of scope.
    
    Right.
    
    Easy to fix: move the use inside the scoping braces.
    
    I adjusted some other scoping at the same time.

commit e8454d6b64b3f4b16a2dd8bde06dedafcad958f0
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Sun Sep 19 14:17:16 2010 -0400

    | In lib/libipsecconf/virtif.c at line 249, n>=0 will always be true because n
    | is unsigned int. I suspect this test is not needed or incorrect.
    
    I deleted it since I could think of no purpose for even a variant of
    it.

commit 0694f55c63ab1368ceba809abbd7c123f50caee6
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Sun Sep 19 14:16:38 2010 -0400

    | In lib/libipsecconf/oeconns.c at line 534, the if statement will always be
    | false.
    
    Yeah.  connerr is useless.  I deleted connerr and this useless code.

commit 6587e4c0d55e3b7d338e2ac81d227e74ff7394a0
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Sun Sep 19 14:16:15 2010 -0400

    | lib/libipsecconf/starterwhack.c line 264 is unreachable code. I would remove
    | the else clause.
    
    Right. [fixed]

commit 3e9cd095205f2ccefc8c2ac26ebf74a54e6d2216
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Sun Sep 19 14:15:46 2010 -0400

    | In lib/libwhack/aliascomp.c at line 37, needle is checked to see if it's NULL.
    | But at line 34, it was used. This would have crashed the program if it were
    | NULL.
    
    Right.  Since (I take it) this code has never crashed, the NULL check
    should just be deleted.

commit 92e1f968396df3be7e605ecb9ea96f74446b282e
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Sun Sep 19 13:37:43 2010 -0400

    | In linux/net/ipsec/pfkey_v2_debug.c at line 128, sadb_type is checked to see
    | if it's less than K_SADB_MAX. K_SADB_MAX is 19. At line 129, it returns a
    | pointer of the indexed location in pfkey_sadb_type_strings. There are only 17
    | elements in the array. So, it's possible to have a pointer to the 19th string
    | which does not exist.
    
    That initializer was wrong.  It didn't account for the fact that the
    sequence of enums isn't contiguous.  I've fixed that.
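
The ocsp.c and pfkey_v2_debug.c messages above both describe a string table indexed by an enum whose values have gaps. The following is an added example, not Openswan code: the enum, table and function names are hypothetical, and the numeric values follow the OCSP response status codes of RFC 2560, where 4 is unused. It bounds the lookup by the table's real size and treats holes as unknown.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status enum with a gap at 4, as in the ocsp.c report. */
enum resp_status {
    RESP_SUCCESSFUL     = 0,
    RESP_MALFORMED      = 1,
    RESP_INTERNAL_ERROR = 2,
    RESP_TRY_LATER      = 3,
    /* 4 is not used */
    RESP_SIG_REQUIRED   = 5,
    RESP_UNAUTHORIZED   = 6
};

/*
 * Designated initializers tie each string to its enum value, so a gap in
 * the enum leaves a NULL slot instead of shifting every later entry down.
 */
static const char *const resp_status_names[] = {
    [RESP_SUCCESSFUL]     = "successful",
    [RESP_MALFORMED]      = "malformed request",
    [RESP_INTERNAL_ERROR] = "internal error",
    [RESP_TRY_LATER]      = "try later",
    [RESP_SIG_REQUIRED]   = "signature required",
    [RESP_UNAUTHORIZED]   = "unauthorized",
};

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Fail the build if the table stops short of the highest enum value. */
_Static_assert(ARRAY_LEN(resp_status_names) == (size_t)RESP_UNAUTHORIZED + 1,
               "resp_status_names must cover every resp_status value");

/*
 * Bound the index by the table's element count, not by a separate MAX
 * constant, and report unused slots as "unknown" rather than returning
 * a NULL or out-of-range pointer to the logging code.
 */
const char *resp_status_name(unsigned int status)
{
    if (status >= ARRAY_LEN(resp_status_names) ||
        resp_status_names[status] == NULL)
        return "unknown";
    return resp_status_names[status];
}

int main(void)
{
    /* Constructed inputs: a valid value, the gap, and an out-of-range value. */
    unsigned int samples[] = { RESP_UNAUTHORIZED, 4, 19 };
    size_t i;

    for (i = 0; i < ARRAY_LEN(samples); i++)
        printf("%u -> %s\n", samples[i], resp_status_name(samples[i]));
    return 0;
}
```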

commit 3044ef746f9ccb30264cc386897265b60b267d13
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Sep 17 21:13:05 2010 +0300

    Fix install to work.

commit 86cc1aa690dbdfe85228a78c6733f9a3d0e89826
Merge: d07ab6d b0c3803
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Sep 17 21:12:46 2010 +0300

    Merge branch 'master' into tis-fixes

commit b0c3803842fe6dea7ed44d5a6ea2aa615da2b79e
Merge: b447b70 90831b7
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Sep 17 15:20:13 2010 +1000

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 90831b721abb7808ab4fc4398a9e399a9f976de3
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 17 01:03:59 2010 -0400

    updated changes

commit 5feeffbc408eba176bf3e731305d9c14dcf81414
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Fri Sep 17 00:44:45 2010 -0400

    XAUTH: Avoid potential buffer overflow in cisco_dns_info
    XAUTH: Improve buffer overflow fix for cisco_domain_info/server_banner
    XAUTH: Fix possible single quote shell abuse with received Cisco parameters
           being passed to the shell (for _updown)
    
    If more than 50 bytes of caddr payloads were received in modecfg_inR1(), it
    would overflow cisco_dns_info[50].
    
    Remove first_dns_flag variable use.
    
    The xauth variables now go through a new (static) function cisco_stringify()
    to turn the received bytestream into a string. This also logs these options
    and also calls sanitize_string() on them, and removes single quotes to avoid
    these being passed wrongly to the _updown variables passed to the shell.
    
    Properly malloc/pfree cisco_dns_info, cisco_domain_info and server_banner to
    avoid any static buffer sizes.
    
    Properly use XAUTH and MODECFG #ifdef's
    
    Removed two useless calls to set strings to NULL at end of xauth_pam_conv()
    
    Ensure dnshostname is initialised to NULL.
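
The pattern this commit message describes (heap buffers sized from the received length, sanitized text, single quotes removed before the value reaches a shell script) is sketched in the following added example, which is not the project's cisco_stringify(); the function names, the `?` replacement policy, the length cap and the sample payloads are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap: an ISAKMP attribute length field is 16 bits wide. */
#define MAX_ATTR_LEN 65535u

/* Turn a received, length-delimited byte string into a heap-allocated
 * C string. The buffer is sized from the received length, so there is
 * no fixed-size destination to overflow. Single quotes are dropped and
 * other non-printable bytes become '?', so the result is safe to place
 * inside a single-quoted shell variable. Returns NULL on error. */
char *attr_to_safe_string(const unsigned char *data, size_t len)
{
    char *out;
    size_t i, o = 0;

    if (data == NULL || len > MAX_ATTR_LEN)
        return NULL;
    out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    for (i = 0; i < len; i++) {
        unsigned char c = data[i];
        if (c == '\0')
            break;                  /* stop at an embedded NUL */
        if (c == '\'')
            continue;               /* never let a quote through */
        out[o++] = isprint(c) ? (char)c : '?';
    }
    out[o] = '\0';
    return out;
}

/* Append piece to *acc, space separated, growing the heap buffer.
 * Returns 0 on success, -1 on allocation failure (*acc unchanged). */
int append_word(char **acc, const char *piece)
{
    size_t old = *acc ? strlen(*acc) : 0;
    size_t add = strlen(piece);
    char *grown = realloc(*acc, old + (old ? 1 : 0) + add + 1);

    if (grown == NULL)
        return -1;
    if (old)
        grown[old++] = ' ';
    memcpy(grown + old, piece, add + 1);
    *acc = grown;
    return 0;
}

/* Accumulate n constructed DNS payloads, as a peer sending many
 * address attributes would cause. Caller frees the result. */
char *build_dns_info(size_t n)
{
    /* constructed sample payload: raw bytes, no NUL terminator */
    static const unsigned char addr[] =
        { '1', '9', '2', '.', '0', '.', '2', '.', '5', '3' };
    char *acc = NULL;
    size_t i;

    for (i = 0; i < n; i++) {
        char *piece = attr_to_safe_string(addr, sizeof(addr));
        if (piece == NULL || append_word(&acc, piece) != 0) {
            free(piece);
            free(acc);
            return NULL;
        }
        free(piece);
    }
    return acc;
}

int main(void)
{
    char *dns = build_dns_info(8);  /* 87 bytes, well past 50 */
    char *dom = attr_to_safe_string(
        (const unsigned char *)"ex'ample.com\x01", 13);

    printf("dns info (%lu bytes): %s\n",
           (unsigned long)(dns ? strlen(dns) : 0), dns ? dns : "(null)");
    printf("domain: %s\n", dom ? dom : "(null)");
    free(dns);
    free(dom);
    return 0;
}
```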

commit f1288e844b430d1a5fba650013148e14f3006ac8
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 17 00:42:36 2010 -0400

    Use clone_str(), not strdup() so that LEAK_DETECTIVE can find leaks of
    these strings in vendor.c

commit 76b9646aceea62b542fbfc72eb6d9adaa65e012a
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Fri Sep 17 00:41:55 2010 -0400

    Fix for GCC warning in whack_log() when not using a format string.

commit aac47658e84bdf0746991fb327a4a37f9f137589
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Fri Sep 17 00:40:52 2010 -0400

    XAUTH: log a warning when we change the xauthusername
    
    When specifying leftxauthname=, the name is run through remove_metachar()
    but we did not log a warning if we modified the username.

commit b447b708e6a8fcb80162d1bf6ff5a9f519f5fc52
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Sep 17 10:36:53 2010 +1000

    Fix up some hardcoded /etc/ipsec.conf references
    
    Switch to using IPSEC_CONFS path for some remaining hardcoded
    /etc/ipsec.conf references.

commit f4e3e5af7db6938fd6497a61e2f57d97e9620836
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Sep 17 10:28:42 2010 +1000

    Build setup at build time,  not install time
    
    Setup has its own special install target,  rather than
    have setup get built at "install" time,  just use the NOINSTALL
    option so that we can add our own install target but still build it.
    
    That way openswan users who do not use "install" still get everything built :-)

commit 0a996a6b09b5053836c8ad9e755ceb1c7e7e384a
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Sep 17 10:23:01 2010 +1000

    Fix ipcomp SA setup for netkey
    
    We were always adding a cipher SA of some kind,  even when we were doing
    IPCOMP setup,  this would result in EINVAL logs from pluto while trying
    to setup the SA's.

commit d936d4042d112902047f993aa44550d051c5800f
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Fri Sep 17 10:20:05 2010 +1000

    fix put on a sock that was not initialised
    
    In the error case,  sock may not be initialised and we call sockfd_put
    on it.

commit c4d6ee3e6dcee8882b0f765da3274884a832ec35
Author: David McCullough <david_mccullough at mcafee.com>
Date:   Thu Sep 16 15:58:00 2010 +1000

    Fix iphdr length
    
    A line of code went missing in the IPv6 work and it stopped IPCOMP
    from working (under IPv4) because it relies on the ipsec header length
    when trimming the SKB.  Symptoms were short packets coming out of ipsecX
    when IPCOMP was active.

commit 10ae9b9f7ec5ba5908853adfa3775bece493f2ce
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Sep 15 16:07:31 2010 -0400

    Added CVE to CHANGES

commit 4cc97c1869ef0e9d6bcb213113f6ea958f5fb183
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Sep 15 16:05:27 2010 -0400

    updated changes

commit d07ab6d7a902d0459693f3e960dd8bb42e98c1e0
Merge: 6277664 3a6891b
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Sep 15 23:03:23 2010 +0300

    Merge branch 'master' into tis-fixes

commit 3c291c2bb514804c7c54ed168bcfbaa0691af98d
Merge: 0cb2347 0bb7e93
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Sep 15 16:03:10 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 0bb7e939545a21fda336585b74a289006839b0f9
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Sep 15 15:57:12 2010 -0400

    Fix minimum nss requirements to avoid rhbz#453577

commit c90381e0c140a8977203321f140706f778b52e36
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Sep 15 15:54:51 2010 -0400

    Revert "Openswan did not compile with HAVE_NSS due to a nspr bug that is"
    
    This reverts commit 6c8ff2791d13a4c56cbf8c5f76b2a3f519341c9a.

commit 0cb23470f52c2a2602bfc91be642a9475e19b6d5
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Sep 15 14:56:43 2010 -0400

    add /proc/net/ipsec/saref to report saref support
    
    # cat /proc/net/ipsec/saref
    refinfo patch applied
    bindref patch applied
    saref enabled

commit d1df9278fd543947c15eca6f75e3e0092139ae9f
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Sep 15 13:57:07 2010 -0400

    pass klips.ko build version to modinfo

commit 07533e7bf4ecc48d4156342c22a80b53a8eaaf86
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Sep 15 12:23:39 2010 -0400

    change IPSECVERSION to use git-describe if at all possible
    
    Old version format looked like this: 2.6.master-201037.git-g73a41c9d-dirty
    New version format looks like this:  2.6.29rc1-12-g3359614-dirty
    
    The advantage of this form is that it tells us we are building OS
    12 commits after the v2.6.29rc1 tag, and that the new version can
    be used in git commands (like git log v2.6.29rc1-12-g3359614).
    
    Building from a tarball is unaffected.

commit 94ebb0f394d013a20c7fa86cab44d891f7019c84
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Sep 15 11:40:24 2010 -0400

    use @IPSECVERSION@ as a replacement pattern

commit 10fbef5f38943356f22439b6d0b97b524982e7f0
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon Sep 13 14:03:59 2010 -0400

    fill in the SA and SRC address in ipsec_rcv_auth_init() error message
    
    this commit tries to avoid a scenario where the irs->ipsaddr_txt and irs->sa
    are blank and result in this error message:
    
    KLIPS klips_debug:ipsec_rcv: SA: (error), src= of pkt does not agree with expected SA source address policy.

commit 3a6891bdf91f44b7a4ab281be74d78e90241182d
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Sep 15 01:09:55 2010 -0400

    updated changes

commit 20a8ae4a7a50d3cc100334d5a0851043c71e2c25
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 14 23:51:50 2010 -0400

    NETKEY: Fix for spurious kernel acquires landing us wrongly into
            opportunistic code. [paul/dhr]
    
    NETKEY is sending bogus acquire messages sometimes when used with
    transport mode and L2TP (protoport 17/1701). These seem mostly triggered
    by Windows and OSX clients. The acquire is notify of a %hold message in
    the kernel. pluto then failed to match the acquire to a connection (there
    was no matching on-demand tunnel or opportunistic connection) and would
    install a "failsafe" %pass eroute. Unfortunately, the transport_proto
    argument (17) was not set in this replacement eroute, and so we would
    end up with a (bogus) %pass eroute, and a non-deleted netlink-acquire
    %hold invisible to pluto.
    
    In cannot_oppo() where we detect this failure, we now properly call
    replace_bare_shunt() with the "delete" argument for the %hold.
    
    A similar transport_proto mismatch in clear_narrow_holds() is fixed too.

commit 1979f4e109dbbda6cf084b7da8080d3066f17d3a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 14 23:51:03 2010 -0400

    transport_proto is actually used, remove the UNUSED qualifier

commit 4cf2894e1e0045910468d16793ceb61623306121
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 14 23:47:44 2010 -0400

    pexpect() claimed to be passert(). Also changed the message to signify
    that pexpect() is non-fatal.

commit 23468f1368404f6a93323218200302c13c81ceb8
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 14 23:44:29 2010 -0400

    Change comments on kernel debug - later should be fixed to use one
    unified name (DBG_KAPI?)

commit 0c5be90e13f6631f1c22dabf008e63f0cd927eff
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Tue Sep 14 23:39:55 2010 -0400

    XAUTH: Avoid potential buffer overflow in CISCO BANNER/DEF_DOMAIN
    
    Where are CISCO_BANNER and CISCO_DEF_DOMAIN specified? RFC or Draft?
    What are their maximum allowed length? Are they supposed to be nul
    terminated? Are they not sent in ISAKMP attributes with a specified
    length in the isakmp attribute? Is strncpy appropriate?

commit 4c61ca4a8b5d39665ee13d2cd0dc9df1cd2af117
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Sep 8 15:54:43 2010 -0400

    updated changes

commit beecf78ac1c5cabd99d8da33b8712a6ef9025883
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Sep 8 15:43:25 2010 -0400

    a better workaround for rp_filter
    
    rp_filter follows the guidelines of RFC 1812 and drops incoming packets that
    don't seem to make sense.  The particular test that KLIPS, in mast mode,
    had problems with dropped packets that arrived on an interface to which
    a reply packet would not be routed to.  For example, packet arrives on mast0,
    if we reverse the src and dst addresses, we should route that packet back
    through mast0.  Because of the iptables + policy routing tricks mast
    plays, we don't get that.
    
    This commit does the following:
     - packets arriving from a tunnel, and thus having skb->dev == mast0, will
       have the nfmark set to the SA they arrived on, along with the top bit set.
    
     - updown script now installs two ip-rules:
         from all iif mast0 lookup main
         from all fwmark 0x80000000/0x80000000 lookup 50
       the first one is new, and it sends all packets that arrive from a tunnel
       through the main table, and as before the nfmarked packets go through
       table 50.
    
     - rp_filter will reset the skb->nfmark unless we tell it that the interface
       set that mark.  We do this by setting the src_valid_mark to something
       arbitrary.  In our case we set it to 0x80000000.
    
    All this to make rp_filter happy once more.

commit e62fdf120b0e29f13875de3733e99f5e31207597
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Sep 8 00:02:58 2010 -0400

    updated changes

commit 62763205d6093a369961ef9be2cc6f4953d7fb71
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Wed Sep 8 00:01:16 2010 -0400

    [IKEv2] Fix for using MD5 and PRF conversion function.

commit d58d1a34b808c0fd699f522ae25f10b7b78f0bb4
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 7 14:23:10 2010 -0400

    updated changes

commit 0b07ac31fe65c6f884f795facc7c58a5b1032fa1
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Tue Sep 7 14:21:24 2010 -0400

    bz621790: Support for SHA2_256 is missing in the current Openswan IKEv2
    implementation. Besides adding support of sha2_256 (integ) functions, It
    also required patching some other parts of the current implementation,
    where ikev2 algos were incorrectly being searched using ikev1 algo
    functions.

commit 0362d5106147299af7aa767effee7359cf9e3ec6
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Tue Sep 7 14:19:23 2010 -0400

    bz628879: Selinux avcs issues that happen due to pluto searching current
    working directory. I believe that it probably happens due to the glob()
    function used for parsing the secret files.

commit f982116e3048661b1cfc1c9837e6c3481b2dcc5d
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 7 11:09:00 2010 -0400

    Revert "[NETKEY] Delete addresses from interface on down"
    
    This reverts commit 411607ff44d5051da09ea021e7bbcb202feb995f.
    
    It is too dangerous to delete any IP address if we don't keep a
    list ourselves of what we added. We might be removing a core IP
    address.
    
    One possible solution is to add the IP to the loopback interface,
    so that we better know what we can delete later on.

commit e5c79b9d1cfe06456f7709217e40a425c9da480a
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Sep 2 17:54:24 2010 -0400

    updated changes

commit 6299b78c20622551f2ae8c91b2d45cd70a2c3137
Author: Bart Trojanowski <bart at jukie.net>
Date:   Thu Sep 2 16:15:45 2010 -0400

    startklips: virtual device gets mtu from physical device

commit 670a6cc613760d0ed97c5d49d4e2cd56755963b6
Author: Bart Trojanowski <bart at jukie.net>
Date:   Thu Sep 2 15:49:33 2010 -0400

    startklips: assign %defaultroute device's addr to mast0 interface

commit f2fbefe98feedf6922c4913cc4db4ae0d1883748
Author: Bart Trojanowski <bart at jukie.net>
Date:   Thu Sep 2 13:35:30 2010 -0400

    fix auto --replace regression introduced in policy-enforcement patch
    
    in mast mode pass the POLICYONLY flags into klips

commit 9d7f5a22a2f7d59f848a531bebe070c5fc18b90d
Merge: 06e23f0 92bb640
Author: Bart Trojanowski <bart at jukie.net>
Date:   Thu Sep 2 10:18:30 2010 -0400

    Merge branch 'bug/mast-policy-enforcement'

commit 92bb640bf33b8b3c4f3d8466dff4df9b31202d56
Author: Bart Trojanowski <bart at jukie.net>
Date:   Thu Sep 2 09:24:42 2010 -0400

    ipsec policy to show packet counts

commit 1b04cdb92cd13fc85cb76e207ea30272705c8c5b
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Sep 1 21:14:28 2010 -0400

    makefile updates for ipsec policy

commit 0928c0cfcb7e2bd25eb25a188cee4c78f3dfbbbf
Merge: f717a22 06e23f0
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Aug 30 21:59:42 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 06e23f04ef36e8b464020457e0d95632335417d2
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Aug 30 21:52:06 2010 +1000

    Handling of inet_sport/inet_dport not robust
    
    The handling of sk->inet_sport/inet_dport required ipsec_kversion.h to be
    included before the kernel header file.  Switch it around to a version that
    works no matter how the headers are included.

commit f717a22b218f54272e5d776d8eb260f138bcb4aa
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Aug 30 21:16:22 2010 +1000

    icmpv6_send changed to be the same as icmp_send
    
    In linux-2.6.34,  icmpv6_send changed to have the same args
    as icmp_send,  so handle this change.

commit 78e92966cf95e16ac2d704190e278e27d2e38731
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Aug 30 21:09:01 2010 +1000

    Switch to using iproute2 and add IPv6 support
    
    Ditch using ifconfig and switch to iproute2 commands,  actually makes
    some of this easier especially IPv6.
    
    Transfer all IPv4/IPv6 addresses to the ipsecX virtual devices
    when configuring.

commit 098322d7de13b7936311d6f68d7aaf4ace977651
Merge: 5954719 411607f
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Fri Aug 27 11:46:17 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 411607ff44d5051da09ea021e7bbcb202feb995f
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Thu Aug 26 16:03:36 2010 -0400

    [NETKEY] Delete addresses from interface on down
    
    With NETKEY, inside updown script, although interfaces are being added,
    but those interfaces are not being deleted when a connection is brought
    down or pluto is stopped. It leads to adding several interface addresses
    in the system.

commit 2c822e88a64a1448114a983b8710488f4158c9e0
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Thu Aug 26 11:29:30 2010 -0400

    Cleanup backup resolv.conf file
    
    After pluto is killed with SIGKILL, the backed up resolv.conf is not
    being restored, something normal (as SIGKILL cannot be caught).  However,
    the backed up resolv.conf is not being cleaned up and restored even
    after stopping Openswan ( "service ipsec stop") service manually.

commit 59547196e6335092a323bb1b358116ebb25efd3d
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Aug 26 17:01:11 2010 +1000

    Do not double network swap the mac header proto
    
    Whenever we assign skb->protocol we network order it,
    so we do not need to do it again when copying into a packet.

commit 021e5d360b27dcf6560eab4aeeec521780954516
Merge: b49b04d 68c6ff0
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Aug 25 14:57:26 2010 +1000

    Merge branch 'master' into klips-ipv6

commit b49b04d3df4b2f16b55f5f41e2e3ffdb6be55839
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Aug 25 14:50:37 2010 +1000

    When sending IPv6 packets inside another packet do not use IPPROTO_IPIP,
    use IPPROTO_IPV6.  This gets us interop with netkey for ESP tunnels.

commit 68c6ff00edb4485795b2d61e17a88bde77f08d40
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 24 15:50:27 2010 -0400

    updated changes

commit e4f26dfe9eed5bc175315c194d0c6f5cce8e7f95
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Tue Aug 24 15:49:02 2010 -0400

    [IKEv2] connections were broken since 2.6.25
    
    http://git.openswan.org/cgi-bin/gitweb.cgi?p=openswan.public/.git;a=commitdiff;h=7ff1d7abc574eab8c3a8f83b91292415a92d825c
    
    The problem in the above commit has been fixed in the wrong way it seems
    to me. We can not check for the presence of the auth payload "until the
    entire message has been decrypted". I have created the patch that takes
    care of following things:
    
    1. Fixes broken IKEV2 (I have tested and verified it locally).
    2. Fixes the problem in the above commit in a right way (I have not tested this you can verify if possible).

commit d335693e636f2600484828570d278b813e62f8d1
Merge: 9e4c9b0 ce1c0e5
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 24 12:06:30 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 9e4c9b02ae3d08e115ae450bcd5aae2ea24a92db
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 24 12:05:57 2010 -0400

    SAREF: Ported saref patches to 2.6.33.8-149.fc13 kernel

commit ce1c0e56e7979a7d0c31fa015b392e9baaa10f42
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 23 20:33:09 2010 -0400

    updated changes

commit 5e031ed1838b67a3b1b9438e4a25aabf30667a84
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 23 20:32:37 2010 -0400

    Log LEAK_DETECTIVE and HAVE_LIBNSS support on startup

commit 7c91cd0d80581f56eaedac7a64bd0edaead33b2b
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Aug 22 15:53:07 2010 -0400

    updated changes

commit 0ea2850a8429f07cebfb8bfcc1dc05bf5a83c31a
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Aug 22 15:06:35 2010 -0400

    Differentiate between road warrior and vnet instantiations.
    
    For road warriors, secrets are looked up using 0.0.0.0 or %any, while
    for vnet instantiations we want the specific src:dst hostpair secret.

commit 7288d416d8e0ba7e6ca1e580551ddd3d485e210b
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Aug 22 14:50:09 2010 -0400

    fix templating add_connection()

commit d1d42586839b7994fd8e35817bab26dac0c347c1
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon Aug 9 15:47:18 2010 -0400

    perl script to dump out simplified tunnel policies

commit f8447e39c06f0d8a079cebece4ee0a752825c577
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Aug 20 13:01:02 2010 -0400

    some debug code for mast policy testing

commit b3e3cf85b753c2566c6288dacef84d592a4ee77d
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Aug 20 13:00:45 2010 -0400

    show policy= if SA flags include POLICYONLY

commit d0f5bd80a07d4b29615cf7f812bf574f7e8f2401
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Aug 18 17:20:16 2010 -0400

    Revert "MAST: revert hack that was setting mast SA policy"
    
    This reverts some of commit 1b52382641b101e5f6d48878b7a920c32752a755.
    
    Starting this process all over again!

commit bfa3a151e396ec00015aea0005c9cc2cb5ceb655
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 20 00:11:39 2010 -0400

    HAVESTATSD: Undid reverted log.c commit and added logging.
    
    It seems to work fine, and uses a better unique value for conn->statsval.
    With controlmore debugging enabled now logs all log_state() decisions to
    assist debugging.

commit 0ac2a7af94862eb8634e87160610016272b4c263
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 19 14:34:00 2010 -0400

    Use_comment is a boolean

commit 100778064dfece9510eb56c57186f3dd96a703ab
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 19 13:13:37 2010 -0400

    [MAST] Fix use_comment variable use in _updown.mast

commit b99ad6671ce0cf3b363ea4e7854ca9b4280f4c1c
Merge: 1785af9 71ee967
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 19 12:11:12 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 1785af9dd3e22a2044faa1a6a0148c762fd5e481
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 19 12:10:31 2010 -0400

    Revert "Fix conn->statsval using David's suggestion to ensure there is clash."
    
    It is causing the check for duplicate logs to always drop every log msg.
    
    This reverts commit 85ae9bda24fed7bef7ee23bec09ff42c33b5d2c5.

commit 71ee9676ce293c6b89fb0bd308b8da5ec8d51905
Merge: 486647d 252fbd9
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Aug 19 12:07:48 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 252fbd962183fa1cef44910cd7f3e77839379982
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 19 11:55:10 2010 -0400

    Log havestatsd capability on startup

commit 486647d14c3d19daec0625a0d86ecfa11e70973f
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Aug 18 22:36:00 2010 -0400

    Allow to debug debian pre/post inst/rm scripts by exporting DEBIAN_SCRIPT_DEBUG=true

commit 2ff14b0fcf775352712ca6ce1d5712a50933f2d1
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Aug 18 14:49:14 2010 -0400

    updated changes

commit 91203d87d953ab56b84d974fc1082d6d026dad35
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Aug 18 12:49:33 2010 -0400

    MAST: use iptables --comment to show the conn name

commit caf15c012d6ab0141cc2fca54b5478598161c22a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 16 21:23:14 2010 -0400

    OSX: USE_PFKEYv2=true is needed due to some calls to debug/logging
    functions. This should be fixed properly in the future so this can
    be set to false again.

commit 637505698d92956255988d649e20f9ecc0c03a10
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Aug 13 17:10:58 2010 -0400

    MAST: eroutes belong to the connection
    
    it's ok for two connections that declare overlapip support to have their
    own eroute object in mast mode.

commit 325833b761c73ea2d516e9dbd79df8f936582c94
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Aug 13 17:09:25 2010 -0400

    trivial fix to info_lookuphostpair()
    
    looks like the close bracket was put in the wrong place.

commit 570e29829145a23914502ad1f15ef96e1bb312b7
Merge: e3b22fe e6c0cc4
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Fri Aug 13 16:01:33 2010 +1000

    Merge branch 'master' into klips-ipv6
    
    Conflicts:
    	linux/net/ipsec/ipsec_xmit.c

commit e6c0cc46379f3fb255b0cd81f84c8eb0a65923a9
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Fri Aug 13 15:56:04 2010 +1000

    Cleanup last remaining skb->dst references
    
    When accessing dst,  use the helpers (skb_dst, skb_dst_set, set)
    as skb->dst no longer exists.

commit 8ecdc584e617b5cbc0acbbfb266fd81d1689d5f5
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Fri Aug 13 15:45:49 2010 +1000

    Fix up NF_INET_LOCAL_OUT/NF_IP_LOCAL_OUT use
    
    CentOS uses NF_IP_LOCAL_OUT while linux mainline uses NF_INET_LOCAL_OUT,
    however NF_INET_LOCAL_OUT is an enum and not so easy to test for,  so we
    test for NF_IP_LOCAL_OUT,  and if it doesn't exist,  go on to use
    NF_INET_LOCAL_OUT.
    
    The current solution for this failed if netfilter*.h was included before
    ipsec_kversion.h

commit 85ae9bda24fed7bef7ee23bec09ff42c33b5d2c5
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 13 01:23:50 2010 -0400

    Fix conn->statsval using David's suggestion to ensure there is clash.

commit 564fb23de924f915092b251453d444df3bb6da9f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 12 19:20:32 2010 -0400

    update changes

commit 0a91f1e62274151cfa10ab62fd3c5e95712f0d92
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 12 19:16:48 2010 -0400

    HAVESTATSD: Log new phase2 messages as a result of a rekey
    
    The refresh_log code kept a tuple of tunnel/phase1/phase2 to suppress
    duplicate messages, and considered a rekey of phase2 a duplicate. However,
    a new SAref is generated, and this needs to go out via an HAVESTATSD
    message. I now add the SAref to the LOG_CONN_STATSVAL(&lc) result. This
    causes a new phase2 with saref to be different and a message to go out.
    
    (David should definitely review this)

commit d3a547e4b2cd37fd2ea5e9cc7604eaa27da8757a
Merge: ff1add7 712fa39
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Aug 12 23:00:31 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit ff1add7ea64f4227c6fd1bf872f5d929899fea25
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Aug 12 22:51:25 2010 +0200

    Remove some bashisms (echo -e and source).

commit 712fa397c3b95fe505437adf16a0222d012d202d
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 12 16:06:36 2010 -0400

    Fix my #if 0

commit 99c081a83283866d7918577d67f1a1107447766f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 12 15:55:21 2010 -0400

    Uncomment vnet: handling for now. It is broken.

commit e3b22fe70397ff54972230408315c94d8aba905c
Merge: 21e3eb8 252cbe0
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Aug 12 21:18:18 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 21e3eb8f47a9fb75d51ad89fbbed78eef01552ac
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Aug 12 21:12:24 2010 +1000

    Do not access skb->dst directly
    
    All access to skb->dst must be done through skb_dst(skb) now.

commit 592e608f8190b16d2c66446350e573ec89dbcf74
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Aug 12 21:10:39 2010 +1000

    osw_ipv6_find_hdr should be kernel only
    
    move the prototype for osw_ipv6_find_hdr into the kernel only part of the
    header file as this file is used by user space.

commit 252cbe07a259f61fcab31e4137c2310f8c30c6c7
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Aug 11 21:59:13 2010 -0400

    MAST: fix how kernel_mast.c handles replacement of SAs with the same SA
    
    This would occasionally happen: mast_sag_eroute() would be called to
    replace an SA with the same one.  The mast_sag_eroute_replace() tries
    to find the old SA and delete it, but since it was the one that was
    just added, it would actually look like one was never added.

commit fceabcc23aba55f4380bc4f165f17571de4f440a
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Aug 11 19:49:22 2010 -0400

    fix log line

commit c5d2b552ce16bcab613cea49975b222debab1acf
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Aug 11 19:13:51 2010 -0400

    Redid the vnet: fix - it was not getting called.

commit 0bba680ace7930f7333abcdea1c9cdceac16cb67
Merge: 1a86ccb bea6ffd
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Aug 11 18:45:32 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 1a86ccbdc17487edc44c8fa6dc94cf31632369a6
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Aug 11 18:44:20 2010 -0400

    It seems c->spd.that.virt (or this) was not set in all cases when
    we had a virt. So instead, we check the whack message for any
    virtual ip using wm->left.virt

commit bea6ffde96f32e04b38ca2cebb79067edc536953
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Aug 11 20:44:18 2010 +0200

    Update the script that allows to create a deb package out of the git tree.

commit 6ff2ec5851f4002d6dc4f5627da821c435309321
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Aug 11 18:55:22 2010 +0200

    Change the make module26 to make module in the DKMS configuration file
    and in the openswan-modules-source rules. Thanks to Harald Jenny.

commit 95443cd249e0fa0ec0d4fb6b71cbc35f3b0d6c32
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Aug 11 18:48:57 2010 +0200

    Remove all .cvsignore files

commit c90c46be434cc0a68a8f5e1b0e88a9d019a9f733
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Aug 11 13:14:53 2010 +1000

    Remaining IPv6 combinations working
    
    Clean up some of the cruft from the previous IPv6/IPv4 commit (trace etc)
    
    Straight ESP tunnels between openswan instances are working for all
    combinations of IPv6/IPv4.  Combinations tested are:
    
            192.168.0.0/24===10.31.1.2 ... 10.31.1.1
            192.168.0.0/24===10.31.1.9 ... 10.31.1.3===10.46.20.0/24
        fec0::1:0:0:0:0/64===10.31.1.9 ... 10.31.1.3===fec0::2:0:0:0:0/64
        192.168.0.0/24===fec0:0:0:3::1 ... fec0:0:0:3::2===10.46.20.0/24
    fec0::1:0:0:0:0/64===fec0:0:0:3::1 ... fec0:0:0:3::2===fec0::2:0:0:0:0/64
    
    IPCOMP and AH are still in need of an IPv6 pass and there is still some
    common code elimination that can be done. Interop needs to be checked,  most
    likely with netkey for now.

commit a795417faefbefc2a3ea4d2570293470fa6bd3a7
Merge: 0acc8c1 1b52382
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Aug 11 12:44:50 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 0acc8c17332e3e1d836cfb33671a9e2aaeb2757a
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Aug 11 12:42:03 2010 +1000

    Removed unused fields and change orgedst
    
    Remove a whole bunch of unused fields from ipsec_xmit_state
    and change orgedst to a more useful format that can handle v4 and v6
    usage.

commit 1b52382641b101e5f6d48878b7a920c32752a755
Author: Bart Trojanowski <bart at jukie.net>
Date:   Tue Aug 10 18:58:45 2010 -0400

    MAST: revert hack that was setting mast SA policy
    
    this requires more work, so reverting the changes for now.

commit 91ec3ebbcc7a22865de8f8b5bbf0d8d7c99216e0
Author: Bart Trojanowski <bart at jukie.net>
Date:   Tue Aug 10 17:06:08 2010 -0400

    MAST: fix klips' delflow handler when POLICYONLY flag is used

commit 40f8193b88eeab82789ced53983fdc6b6902d900
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 10 18:37:01 2010 -0400

    * PLUTO: If vnet= is used, allow instantiation of the conn
    
    If c->spd.that.virt is set, it means we should instantiate, even if
    no "%any" appears anywhere in the connection.

commit 09cc4bef55d9b14cdc9f21b0e2ca2e0f68cd368e
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 10 13:56:39 2010 -0400

    missing space caused the if-statement to be unending. And on ubuntu
    with /bin/dash as /bin/sh that gives a really obscure error without a
    line number.

commit ba4f809d747454fdbfcb0825bbfc35b70bd5ad56
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 10 11:45:23 2010 -0400

    updated changes

commit 859d5f284be8d2ac7952deb5db18444f801a78a1
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon Aug 9 20:19:09 2010 -0400

    MAST: favour deleting an SA even if the pfkey op failed

commit c679cdac332e7dda004eef18a053f3db8d5eacb4
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon Aug 9 19:59:00 2010 -0400

    MAST: allow for setting of policy for inbound SAs

commit 0de45e5aeccfe0b04bd46975d4ba9b2070c6a47f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 9 15:39:39 2010 -0400

    Fixup for previous mast0 mtu fix. We checked inside an "if $klips" section
    by mistake.
    
    NOTE: Seems that $virt is set to ipsec0, not mast0 even if $mast is set.

commit 18d6bd963120d32a8c6703d1fd2d6406e8096e1b
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 9 13:54:49 2010 -0400

    updated changes

commit c9c5af45c71e34ac01b2cc4cc164f36d9f79fcb1
Merge: c2e340b e680a68
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon Aug 9 13:02:02 2010 -0400

    Merge branch 'bug/mast-policy-enforcement'
    
    This set allows for klips SAs, in MAST mode, to maintain info about the
    tunnel policies.  This is evident in /proc/net/ipsec/spi/all, but also
    allows for klips to drop packets that don't fit the policy.

commit e680a686c559833c8571a737d1d8e19d8b819671
Author: Bart Trojanowski <bart at jukie.net>
Date:   Sat Aug 7 23:24:06 2010 -0400

    MAST: enforce outgoing tunnel policy
    
    Prevent tunnel from picking up packets that are not allowed by SA policy.

commit 52087b8252e35888e70c9d39f8c59b1f00299318
Author: Bart Trojanowski <bart at jukie.net>
Date:   Sat Aug 7 20:31:25 2010 -0400

    MAST: use addflow pfkey command to set policy on tunnel SAs
    
    This calls pfkey_sag_eroute() from mast_sag_eroute() to update the SA's
    flow/mast info and give the ipsp enough info to enforce policy.

commit 61e89926ac5ceb72a221957d49088dde334b4186
Author: Bart Trojanowski <bart at jukie.net>
Date:   Sat Aug 7 20:01:02 2010 -0400

    separate erouting from setting SA policy
    
    This commit adds a new pfkey flag, POLICYONLY, to the ADDFLOW command.
    With this flag set, eroutes will not be established, instead only the
    SA flow/mast variables will be set.

commit c2e340bb362c566954cb695449a958b47a2e4b47
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Aug 9 15:12:08 2010 +0200

    Allow dkms deb packages to not contain a dash in the version number.
    Go back to quilt patching system for deb packaging.

commit 9792d5261f85015be4b2d4117ef03cb43975b33b
Author: Simon Deziel <simon at xelerance.com>
Date:   Fri Aug 6 15:00:28 2010 +0200

    Sync debian/ from Debian (thanks)

commit 436722bab9df661db4619416137662fd6cd79933
Author: Simon Deziel <simon at xelerance.com>
Date:   Fri Aug 6 10:29:50 2010 +0200

    Sync debian/po with Debian.

commit 0f0319fad233bd3c526c1fda5969099396eb22c7
Merge: 9a982f7 8b22b25
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Fri Aug 6 17:01:25 2010 +1000

    Merge branch 'master' into klips-ipv6

commit e8b8320078d0d9f5bda9e89c06ed718f04fe9b78
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Aug 5 23:22:39 2010 +0200

    Update fr.po with the patch sent to Debian (thanks to Christian Perrier)
    and fix a typo in the patch. Closes Debian bug #585598

commit d83b1be78ffd3f132ad6b0f2674cbaa637319331
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Aug 5 23:15:33 2010 +0200

    Remove useless .svn cleanup.
    Update debian/control

commit 8b22b2554086ca81c0aa2c08855a88e6b4bc2ea9
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 5 10:19:34 2010 -0400

    updated changes

commit e1aa8a7db1e6f8ddb4b59133e5931f75022a0b66
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Aug 5 10:35:34 2010 +0200

    Add a "1:" prefix to the version in debian/changelog to have a
    package version number that uses the same epoch as those provided
    by Debian/Ubuntu.

commit c244a4bb65c9a5fd274de6c81b2e04ad433697ff
Merge: 965d609 73c216e
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Aug 5 09:48:59 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 73c216e50b5bb37f1a060d6b369c8f1ad675fc36
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Aug 4 22:30:57 2010 -0400

    restrict rekeymargin to be smaller than salifetime
    
    should someone configure salifetime to be less than rekeymargin, accidentally
    or on purpose, this at least attempts to get them a working system.

commit 830308e90cb33ba4f20d84eb38695377db5122bd
Merge: 2eb4345 d12382b
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Aug 4 21:31:38 2010 -0400

    Merge branch 'bug/mast-iptables-rule-leak'

commit d12382b346a4e16fb56e40a30804e4e5620e8c1e
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Aug 4 21:01:23 2010 -0400

    MAST: fix iptables rule "leak" on rekey
    
    when an SA was rekeyed, we would try to delete the iptables rule matching
    the nfmark generated from the new ref value of the SA that replaced it.
    When coupled with an overlap window (configured with rekeymargin less
    than salifetime) we would never actually remove the replaced SAs in the
    iptables chain... and the chain would grow indefinitely.

commit cabd7fe660ba0301dfcc3894c0a1a9a242a1b0bf
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Aug 4 21:04:39 2010 -0400

    MAST: use only the most recent iptables rule
    
    iptables rules are evaluated in chain-order.  Since we add new rules to the top
    of the chain, the most active rules are at the top and hit first.  However,
    the chain evaluation didn't stop on the first hit.
    
    This change makes the test expression of the chain more explicit, and will
    only match packets that have not yet been marked.  This makes sure that
    we pick up the latest SA, in case junk is left behind in the table for
    some reason.  It also means that counts in the iptables chain will be
    correct.

commit 965d609270554b3e6b18212bf168d43aade8f168
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Aug 4 23:31:36 2010 +0200

    Prefixes deb version with 1: to follow Debian/Ubuntu

commit 099df7348eef38828b702581905a28403a50b284
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Aug 4 23:27:27 2010 +0200

    Remove deprecated comment as USE_IPSECPOLICY is now enabled by default

commit b3fb1f04bd9e22a7c5e945172ea20a2b52dddad4
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Aug 4 18:02:38 2010 +0200

    Remove information only related to official Debian packages

commit 85eb1ee9adcffa20ba62a133a06214a798fe3c22
Merge: f4cdac8 2eb4345
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Aug 4 11:49:26 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit f4cdac8906fd5ad30d68b01d1c93eb3f9bbba2ab
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Aug 4 11:46:41 2010 +0200

    Combine two find to clean .(cvs|git)ignore files into one.
    Do not try to change debian/changelog while building a package.
    Eventually the release script will update this file automatically.

commit 62776641b1574c6ea86776a01a25ebfdbdaedb7a
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Aug 4 11:12:27 2010 +0300

    Revert "Use dev lo instead of PLUTO_INTERFACE for missing sourceip."
    
    This reverts commit a7385c3907e9ab14e5d641ba98f6851d9b967631.
    
    This was an experiment and I didn't get any comments about this
    working or not.

commit d710d4b547d3ab43030dfcaf25c9a0715f65ed51
Merge: f674952 2eb4345
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Aug 4 11:10:46 2010 +0300

    Merge branch 'master' into tis-fixes

commit 2eb434548548f8ab9204a26cb72db79fd1cab33d
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 3 22:32:01 2010 -0400

    updated changes

commit 8209794f6f906bf77b7c87d94ef49e6bee468fa2
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Tue Aug 3 22:30:37 2010 -0400

    SAref patches ported to Linux 2.6.35
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit ae3e6753ef19fdece55764f6c2db8ee1c7724b6a
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Tue Aug 3 22:29:22 2010 -0400

    Patch for KLIPS on linux 2.6.35
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 14f8691a20c1cab024b4df36b83f143509f520c5
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 3 20:40:17 2010 -0400

    Add setting net.ipv4.conf.all.rp_filter=0 in the sysctl.conf.in example
    file, as setting just net.ipv4.conf.default.rp_filter = 0 is apparently
    not enough.

commit 9a982f7b21a694a4edf2e225d42908c9c39e46ac
Merge: 8c06c08 7b39a2a
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Aug 3 16:11:09 2010 +1000

    Merge branch 'master' into klips-ipv6
    
    Conflicts:
    	linux/net/ipsec/ipsec_rcv.c

commit 7b39a2ac521f2a015ebd47ef8a0036e4efddb3e7
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jul 29 14:43:34 2010 -0400

    updates changes

commit b2e9224a3c1a8727ef3d1cb16bbfebc488c8b8c4
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jul 29 14:35:27 2010 -0400

    updated CHANGES

commit dbe069c4e26ee58f3475e008f48aa8ce4b44897f
Author: Bart Trojanowski <bart at jukie.net>
Date:   Thu Jul 29 14:05:36 2010 -0400

    fix for nfmark update in rcv path
    
    use the correct mask when updating nfmark
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit de1472dd199c291cea450c5e80ff77a88938af05
Merge: 9a88bff 7a8e491
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jul 29 12:58:30 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 9a88bff10f8abee59579f904075b9b50386c29bd
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jul 29 12:57:49 2010 -0400

    Updated copyright message. Added Avesh Agarwal. Updated year to 2010

commit 7a8e4918b1f76c92fae05563ea9da6161f48b9b6
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Jul 29 15:28:54 2010 +0300

    Comment cleanup: Please use C-style comments.

commit ac2c69d8d4823162baa382e0fcd0f7807eb1127a
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Jul 29 15:22:57 2010 +0300

    Comment cleanup: Please use C-style comments.

commit cb3f12527aeec9f682ef0981ac01800095a6cab9
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Jul 29 11:55:14 2010 +0300

    Update changes.

commit 2aee31f92d47517159171c44e75646e61261cecd
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Jul 29 11:53:57 2010 +0300

    Comment cleanup: Please use C-style comments.

commit 8affa75802879fe51c2be863ccbcf7fbb1d8f54b
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Jul 28 21:07:14 2010 -0400

    for plumbif pfkey replies, return a valid errno
    
    KLIPS would return bogus error values for failed plumbing pfkey requests.  One
    example:
    
    ERROR: PF_KEY K_SADB_X_PLUMBIF response for configure_mast_device included errno 239: Unknown error 239
    
    The '239' error code resulted from an 8bit cast of -17.  Instead this will now
    generate this error message:
    
    ERROR: PF_KEY K_SADB_X_PLUMBIF response for configure_mast_device  included errno 17: File exists

commit 1a0ed45754e14d49c3e8c2aa76e865855af2a867
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Jul 28 20:48:17 2010 -0400

    fill in missing entries in pfkey_sadb_type_strings for debugging

commit 8e619c7cf16815749b813833662e120191f41b18
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Jul 28 11:26:40 2010 -0400

    MAST: disable use of CONNTRACK by default
    
    Usage of CONNTRACK to help us determine SAref was added to speed up long
    chains in iptables.  Unfortunately CONNTRACK gets confused under some
    setups.  This change disables it by default, until a better solution is
    found.  Edit the updown.mast script to re-enable it.

commit 8c06c08ba258db6be0a99c05b1f093c439b4caa0
Merge: 5430dc5 ae25ca0
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Jul 27 09:55:00 2010 +1000

    Merge branch 'master' into klips-ipv6

commit ae25ca0cc68b02a50760662a071a63f1e29bba1c
Merge: 40aaad8 12cc045
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jul 25 21:53:17 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 40aaad8ca2392d9cdafff7f827a87d11ed85e067
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jul 25 21:52:35 2010 -0400

    HAVE_STATSD: log nfmark in hex, not dec.

commit 12cc0451ae4d9f56ba55000c452dccb26f858c6f
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jul 25 18:59:01 2010 -0400

    updated changes

commit 2aa01216966bcf7e54be713323547827ba263e8a
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Jul 23 18:38:15 2010 -0400

    register the new ipsec_secpath_secref_ops interface exported by the SAREF patch

commit d866c24a355d3aea9b313141b165e0be838695a0
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Jul 23 19:49:04 2010 -0400

    SAREF: rework exported interface to avoid might_sleep() calls during rcu lock
    
    This rewrite avoids panic caused by...
    
        BUG: sleeping function called from invalid context at include/linux/kernel.h:157
        in_atomic(): 1, irqs_disabled(): 0, pid: 9671, name: xl2tpd
        Pid: 9671, comm: xl2tpd Not tainted 2.6.33.6-147.saref.fc13.x86_64 #1
        Call Trace:
        [<ffffffff8103a487>] __might_sleep+0xe8/0xea
        [<ffffffff813845ab>] might_fault+0x17/0x1e
        [<ffffffff81384625>] put_cmsg+0x73/0xe0
        [<ffffffffa023cc08>] klips_ip_cmsg_recv_ipsec_refinfo+0x7b/0xa4 [ipsec]
        [<ffffffff813bb46f>] ip_cmsg_recv+0x271/0x297
        [<ffffffff813d6f42>] udp_recvmsg+0x18d/0x217
    
    The problem was caused by calling put_cmsg() while rcu lock was held in
    ip_cmsg_recv_ipsec_refinfo().  The rcu lock is not intrusive, but it does
    disable preemption, which is bad for put_cmsg() that needs to call
    copy_to_user(), and could cause a page fault.
    
    In this patch, I've moved the call to put_cmsg() to outside the rcu locked region.
    It is thus no longer necessary to pass the cmsg to klips for update, instead the
    API was changed to get_secpath_sarefs() where klips returns the refme and refhim
    values.
    
    Similar change was made to the send path also.  API function was reduced to just
    setting the SAref, no longer needs to know where it came from.

commit c7d06aaeea4ffe9ec6adfe2d32c029c5b98bca79
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 23 17:59:32 2010 -0400

    updated CHANGES

commit 7e86778358dacd7c49ad25a2055022e0152ee3a9
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 23 17:54:52 2010 -0400

    HAVESTATSD: Slightly clarified and changed log messages
    
    Change default from "down" to "unchanged" and added "p1_down".
    This should clarify the log lines so that when a phase2 change is
    happening, the phase1 part of the log message shows as "unchanged".

commit 55f1025f7687c751cd0d46803c4b62ac93b9913f
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 23 17:41:16 2010 -0400

    updated changes

commit 24c295d6d68e896b9a0a9433b279965649ddc1ee
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 23 17:39:29 2010 -0400

    MAST: Temporary workaround in _updown.mast for rp_filter / martians problem

commit a1d3393565f41c43b56c21f8e584fede45af6743
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jul 21 23:54:53 2010 -0400

    updated changes

commit 2fe077a75053e44ae1c272831262e45c8fcb9c0c
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jul 21 23:51:22 2010 -0400

    SAREF: Clarified defines and fixed nfmark printing in HAVE_STATSD
    
    IPSEC_NFMARK_IS_SAREF_BIT is now defined to make SAref handling a
    little clearer. Logging of the nfmark is now in hex, and shows the
    actual value found in the skb, not the value based on the SAREF_BIT
    not being there.

commit 4aca549af32b0d8a09d93fe1847984027673ece1
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jul 21 12:48:08 2010 -0400

    updated changes

commit 55555230890c8b3e8335cb47590f6398e4aa932d
Merge: 5a1433f 33b87b5
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jul 21 12:47:58 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 5a1433f6cca229f3cd0b338b63a72d1a305afa72
Author: Roman Hoog Antink <rha at open.ch>
Date:   Wed Jul 21 12:41:54 2010 -0400

    Since linux git commit 5dba93aedfc6906b27791c4a1136b177beae25b7 (Fri
    Sep 25 13:11:44 2009; part of linux 2.6.32), when deleting a policy,
    the netlink reply packet is bigger.
    
    I spotted an inconsistency in the receive buffer size in
    programs/pluto/kernel_netlink.c of netlink_policy(..). This led to
    the following error messages of pluto:
    
    netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy eroute_connection delete inbound was too long: 100 > 36
    netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy unk255.10000 at 10.3.4.1 was too long: 168 > 36
    
    My environment: openswan 2.6.26; linux 2.6.32; IPSEC ESP in transport mode; netkey.
    
    https://bugs.xelerance.com/issues/1120

commit 33b87b56aa97392281fa27c13bfc07b5b90f5bbe
Merge: a59506a 7c20677
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Jul 21 12:30:56 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit a59506a0da59594cdbccf8a96195e7284a886df7
Author: Bart Trojanowski <bart at jukie.net>
Date:   Sat Jul 10 19:42:42 2010 -0400

    account for udp encap_rcv() function swap, and restore on unload
    
    Previously when klips was told by pluto to convert a UDP socket to an
    encapsulating one via the IPSEC_UDP_ENCAP_CONVERT ioctl, it would do
    so blindly and w/o a way to restore the operation.  The conversion
    replaced the 'encap_type' and 'encap_rcv' values of the socket, the latter
    of which is a function call.
    
    It's however possible that the socket would not be cleaned up until after
    the klips module was unloaded.  This would mean that any packets arriving
    after klips was unloaded, but before the socket was fully closed, would
    end up calling the socket's 'encap_rcv' function pointer.  Since, at this
    point in time, the pointer is garbage it would result in an Oops.
    
    This fix models itself on the way that drivers/net/pppol2tp.c handles the
    problem.

commit 5430dc52fc63ad74cf7c7ec224a4b1cfc65d1d42
Merge: a5ff8ee 7c20677
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Jul 20 13:01:01 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 7c20677cf7b67942f981f09055e3c98a4f6ac514
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 19 09:46:50 2010 -0400

    update changes

commit 751a3a4a8cb49f058161752cce1548530a82b65c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 19 09:46:06 2010 -0400

    Fix for HAVE_STATSD log output when two connections share a phase1

commit f674952839a1dcb105654dfc7e589b9b594fc9b0
Merge: a7385c3 f74ae1e
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Jul 19 10:17:14 2010 +0300

    Merge branch 'master' into tis-fixes

commit a5ff8eea22b09b32b7bcf89bc8f51996dc51e666
Merge: ac35971 f74ae1e
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Jul 19 16:20:29 2010 +1000

    Merge branch 'master' into klips-ipv6

commit ac35971a99eacae529d6ebe82fa54fb010b879c0
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Jul 19 16:18:02 2010 +1000

    Parse IPv6 addresses with port number
    
    If a port number is added to an IPv6 address it will be enclosed
    in []s,  handle this case.

commit 8e0f087886dd76320f0b5186e52567b217e06728
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Jul 19 16:15:44 2010 +1000

    Use []s when port is added to IPv6 address
    
    The convention is to encapsulate the IPv6 address in []s when
    a port number is added, we do that here so that user space can determine
    an IPv6 address from an [IPv6]:port in the output.

commit f74ae1e621886cc630582f94b45347e57232eb5d
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jul 14 15:30:17 2010 -0400

    removed double changelog entry

commit 673f971d5fcab338a525306c544e9fa3a1246b79
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jul 14 00:32:56 2010 -0400

    updated changes

commit a56037c4124ab0997717bf7a8606c42e9284b996
Merge: 5df1274 30bccb9
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Jul 14 12:09:52 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 30bccb9e0e45138081b4b1608f070b945c2d56c5
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Jul 14 12:07:15 2010 +1000

    Fix phase1/phase2 logging through statsd interface
    
    Previous users ignored unknown phase1/phase2 states,  this meant that
    no one noticed they never showed as up.
    
    Add in the p1_up and p2_up cases.
    
    Make a truly "unknown" tunnel state (ie, undefined) as unknown.
    
    Fix up the statsd call syntax for the statref parameters.
    
    Reformat to confuse the reader.

commit bea9a49b1e3862bd814f86889441c1bab03e5886
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 12 13:28:43 2010 -0400

    update changes

commit 5df1274abb845f55724986eaf5267d29d5caf7fe
Merge: 0f13729 bc6ec0a
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Jul 12 16:22:17 2010 +1000

    Merge branch 'master' into klips-ipv6

commit bc6ec0a175f6f21e7f677ac6787841b3ffc9ab15
Author: Bart Trojanowski <bart at jukie.net>
Date:   Sat Jul 10 11:23:59 2010 -0400

    revert "cleanup reference counting on net_device's"
    
    This reverts commit 0c48f4afc13d9bf5486b5dfb719b9baaaa69cf3a, which
    attempted to fix a bug in unloading the module while UDP encapsulated
    packets were being processed, or were about to be processed.
    
    However that didn't fully fix the problem and worse created a reference
    counting issue.
    
    Removing this "fix" in favour of a better solution.

commit 289c4e757ed220ca9a43cdf25a5d1b08ed7214e7
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Jul 9 16:36:01 2010 -0400

    use ipsec_dev_hold() and ipsec_dev_put() macros

commit 52bcd2a98c71cdcccbb4d8bbdd1acbd17964629b
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Jul 9 13:44:26 2010 -0400

    set ixs->outgoing_said in mast mode
    
    Some code, specifically NAT-T, uses fields from the ixs->outgoing_said.  We
    previously never set this structure in mast mode, because it was not needed
    for looking up the SA, which is the case for protostack=klips.
    
    Also added a mast_mode flag which is used to check if the xmit state is
    working from a mast device or not.  This was previously done by checking
    ixs->outgoing_said value for zero, which is no longer possible.

commit 3dffb8717e12b34a54ba7a0a051cd7273e9c16d7
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Jul 9 10:06:37 2010 -0400

    fixed copy-n-paste issue in ipsec_print_ip

commit b8c2bf18391288b0b6f53628d87175d1a9342e97
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Jul 8 11:18:14 2010 -0400

    Do not use sudo to execute commands as this script is executed by root.

commit 0f1372930318132d2a99582e54f2b58524d2b18b
Merge: 3ac51f4 809e95a
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Jul 8 11:29:24 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 809e95ac26f0e55617465e026a84305c5e0f172a
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Jul 7 17:48:10 2010 -0400

    MAST: remove some left over debug code that snuck in

commit aae4eec07c03472994d4c085149f5eb67b74d402
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Jul 7 17:44:48 2010 -0400

    MAST: fix updown script, create NEW_IPSEC_CONN before using it

commit 02184656d62e7eeb790a68af8c0a9f44a0aebbc4
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Jul 7 15:39:51 2010 -0400

    fix ipsec_print_ip() for UDP packets

commit 4803ba74b18e13c00e7c6d9330123ed4e870ab29
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jul 7 15:06:20 2010 -0400

    Reworded the SAref patches to seem less KLIPS centric, as the NETKEY
    stack could easily add support for this as well.

commit a7385c3907e9ab14e5d641ba98f6851d9b967631
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Jul 7 00:23:13 2010 +0300

    Use dev lo instead of PLUTO_INTERFACE for missing sourceip.

commit b890d2955fb705d163b26851d018c3df6e0dd033
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 5 20:07:18 2010 -0400

    updated changes

commit be931d2308dca563fb642d96e86df9c894d7ce59
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 5 18:40:00 2010 -0400

    logged Bart's scriptlet as comment in the martian sysctl setting. Not
    sure why it would be needed, but it was on one test system.

commit ed5f33ae587ebce24ba28033b2d28dfdd50ae323
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 5 18:34:57 2010 -0400

    remove vim macro and fix a typo in doc.

commit 3ac51f45b63acb261b8942803b4a25ee22efb4fc
Merge: a6a969d 27d0dc5
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Fri Jul 2 16:05:06 2010 +1000

    Merge branch 'master' into klips-ipv6

commit 27d0dc51348545e8366a1c95acd672e3b0d95164
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Fri Jul 2 16:02:08 2010 +1000

    Don't fail non-existent header_ops (breaks ppp)
    
    Be careful about which header_ops we fail, instead just silently move on.
    ppp doesn't provide header_ops on some kernel versions (ie., 2.6.26)
    and this causes ipsec to fail on ppp interfaces.

commit a6a969daaa0f4a4f0139449ddae6f8e53101b5e6
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Jul 1 12:17:04 2010 +1000

    First IPv6 packets through klips
    
    This is a first rough pass over klips to add IPv6 support.
    These changes allow an IPv6 over IPv4 tunnel to carry ping packets.
    So a tunnel setup like this is possible:
    
    fec0::1:0:0:0:1/128===10.31.1.9[+S=C]...10.31.1.3[+S=C]===fec0::2:0:0:0:1/128
    
    There's lots of cleaning and rearranging to do and of course the IPv6 over IPv6
    support needs to be done.  There are also lots of "not yet IPv6'd" code left
    in there as well for good measure.

commit aa3196f8ea03475f543f6481725ffdc936dc18b8
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Jul 1 12:16:06 2010 +1000

    Handle IPv6 addresses in /proc/net/ipsec_eroute
    
    Hopefully one of the few changes needed in userland for klips with IPv6.

commit c661699103309f28333a715bb38b8aab66d075d7
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Jul 1 11:22:25 2010 +1000

    ip_select_ident needs to be called before hashing
    
    I found,  by chance, the AH xmit path for klips protocol stack is a bit
    broken. After a small research I found the ident field for ip header is
    selected after generation of a hash for a packet. According to RFC 2402
    ident must be selected before generation of a hash.
    
    A possible fix is in the attachment, I hope it will be useful.
    
    Kirill.

commit bd8b39b48d43a80c77e1a7a3463936e2b81cbef4
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 30 16:54:13 2010 -0400

    updated changes

commit f4a8bb8a866b39ed3d9d144ddbb2027f24a129e1
Author: Bart Trojanowski <bart at jukie.net>
Date:   Tue Jun 29 19:54:46 2010 -0400

    convert allocation of saref subtables to kmalloc/GFP_ATOMIC
    
    previously we used vmalloc() which resulted in a call to vmalloc() under
    spin_lock_bh() after 2k sarefs have been given out.  vmalloc() calls BUG()
    when called with preemption disabled -- which is bad.
    
    It should be OK to allocate a 16k buffer (or 32k on 64bit systems) for the
    subtable using kmalloc(), unless the system is under severe memory pressure.
    Either way it's nicer to fail with a memory allocation failure than to panic
    the kernel.

commit 559ae9d2d53c30336f4629fb337cbc58c1dd79e5
Author: Bart Trojanowski <bart at jukie.net>
Date:   Tue Jun 29 19:45:59 2010 -0400

    define IPSEC_SA_REF_SUBTABLE_SIZE

commit 0ede839e2e0f86330ee84c0f148f4f93603777bd
Author: Bart Trojanowski <bart at jukie.net>
Date:   Tue Jun 29 19:26:56 2010 -0400

    make some ipsec_sa functions 'static'

commit 34ed406a3795f7db6223aa5a016cf1c8f87464fa
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 25 17:20:45 2010 -0400

    updated changes

commit caaf618d877dcfc028b13157f44d3405215bf56d
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Fri Jun 25 17:18:59 2010 -0400

    _startnetkey update for DNS and NetworkManager
    
    Currently, openswan just stores only those dns servers obtained from
    the VPN server in resolv.conf, however now it also stores one local dns
    server extracted from resolv.conf.
    
    Changes required for NetworkManager-openswan, specifically for exporting
    variables to be used by NM, and for calling nm-openswan helper.
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit e421db0fdb072cc1a3a09adfb2d489847d302ef0
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Fri Jun 25 17:16:10 2010 -0400

    Changes to _realsetup.in for making the init script LSB compliant.
    
    Currently, if pluto is killed (SIGKILL), it leaves both pid and lock
    files, and if one does "service ipsec status; echo $?", it returns 2,
    however, to be LSB compliant, it should return 1. The reason is that
    when both files are left, then the script should check for pid file first,
    and then for the lock file not the other way around. (rhbz #594767).
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 662f9dffe06b0f6bb39b78e2c39dd803f5a444f5
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 25 15:43:28 2010 -0400

    updated changes

commit e4609a92f6e607d52eeb064795c9957ff2fcd0af
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 25 15:42:22 2010 -0400

    Set the default havestatsd connection change from "unknown" to "down",
    as that is what it seems to be.

commit 53dae2ed76cf9d5aff5348c192139369cbf860ec
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 25 15:27:20 2010 -0400

    updated changes

commit ec9770002debb73071eeb3d169497e92d1328bf8
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 25 15:25:06 2010 -0400

    Allow rightsubnet=vnet:%priv or rightprotoport=17/%any without right=%any

commit 8087818f9e7dfddab7776259aa319fa63b29e5d2
Merge: cf1c67f 27115b9
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 25 10:46:13 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 27115b92e9bc66326f0ff22b1f633f776570cfa8
Author: Simon Deziel <simon at xelerance.com>
Date:   Fri Jun 25 09:21:10 2010 -0400

    Make the debian/changelog properly configured for non-maintainer upload.

commit c87d653d94cc87d286250065c49ecd4bf592db00
Author: Simon Deziel <simon at xelerance.com>
Date:   Fri Jun 25 09:18:15 2010 -0400

    Change the make module26 to make module in the DKMS config file.

commit ac22d1c5169bfed861583ec7882744939a7de134
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Jun 23 14:17:34 2010 -0400

    Correctly set USE_SAREF_KERNEL and export USE_SAREF_KERNEL and
    USE_MAST in files included in Makefile

commit cf1c67f3d5857f4d14039ddcdcb84f8a73e90c4a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 22 21:21:20 2010 -0400

    DBG_ALL did not include DBG_OPPOINFO or DBG_DPD

commit 08ddf931c5161bb6a0cbe5c4b381cb61f3ebc4c6
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 22 17:54:42 2010 -0400

    updated changes

commit bcfc7861966b5281516f39081445b89006bd3154
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 22 17:53:50 2010 -0400

    Log SAref and SAbind capabilities on pluto startup.

commit c1cfa34f1a59b24a8f65286298eb646176026074
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 22 12:50:14 2010 -0400

    remove rcsid

commit b442c049a290a0494b58920e351d5d6bbeced35e
Merge: 71f3101 22324a9
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 22 10:34:15 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 71f3101b4876f92f46318a596e1f72228e96105b
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 22 10:32:33 2010 -0400

    Bart's MAST patches actually did not make it into 2.6.27 - I read gitk
    graphic wrong. Modified CHANGES to reflect that.

commit 7ffe1c7867267426556a1910213339c3742f1d00
Merge: 920e680 6ea23b3
Author: Simon Deziel <simon at xelerance.com>
Date:   Tue Jun 22 06:33:28 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 6ea23b3bedd1637b71497f06170739cdb3099fdf
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon Jul 5 14:22:34 2010 -0400

    doc on setting up overlapping tunnels in mast mode

commit f4a8edac38aed91a6358a860476a885bcd39e181
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 5 11:56:11 2010 -0400

    updated changes

commit 815ba07c64f881b88c59cb1e001078d4f1b06fb9
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Jul 2 21:47:23 2010 -0400

    SAREF: fix bug in stream-socket saref mode
    
    It was possible for certain packets (like simple no-data ACKs)
    to be generated by the TCP protocol which did not have a skb->sp->ref
    set.  Such a packet would end up being sent through the wrong SA,
    or just be dropped.

commit e5aa9558ca0bf75f346c4bfbb2f627886b7172e0
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Jul 2 21:42:23 2010 -0400

    sanitize debug/error messages from mast code

commit 38553270efd49f670bcd59335044a6408df026b2
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Jul 2 21:41:55 2010 -0400

    added TCP header flags to ipsec_print_ip() output
    
    Since we already print a few things from the TCP header, I added a bit more.
    However, IP and TCP headers could be in non-contiguous memory regions, and so
    I added a note that it might not always work.

commit 31967c1a43bf49e5bed62c3eeed5fcfd12f35c07
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Jul 2 11:37:10 2010 -0400

    add error checking to saref wrapper script

commit 41e320185778d98b11ba356419d780dac662d101
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Fri Jul 2 09:55:26 2010 -0400

    SAREF patches ported to apply on 2.6.34
    
    Signed-off-by: Bart Trojanowski <bart at jukie.net>

commit 920e680bace805ffc369163b4e789bb14ff40853
Author: Simon Deziel <simon at xelerance.com>
Date:   Tue Jun 22 06:30:47 2010 -0400

    Replace rmmod with modprobe -r to remove the ipsec module. This makes sure the postinst script will not fail if the module is not loaded as modprobe does not complain for that.

commit 22324a9b20acedc78eb122299c884c7915a019b7
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon Jun 21 17:10:52 2010 -0400

    SAREF an ld-preload library for binding saref

commit 5513b4cb4f09aee11b975932cdf288078b44f41a
Merge: fa5e656 cc83e34
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 21 19:24:42 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit fa5e65626cac90d3438533b3c4c3072c7f89016d
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 21 19:24:16 2010 -0400

    l2tpd -> xl2tpd

commit 0f2341abb432978b9466921b7727146509aa8eaf
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 21 19:17:35 2010 -0400

    Removed html comment for vim from MastRework2-brainstorming that
    gives an error with stock vim.

commit cc83e349e2358b33a258252f5a1159b5b0205813
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Jun 21 17:26:13 2010 -0400

    Fix a few lintian warnings

commit e3d13b20dae3908611590d4771e712c8b8fef5af
Merge: b556f75 c6f6de5
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Jun 21 16:35:08 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit b556f75bfa858cd658285cd4dfa4c2dc199a5eb1
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Jun 21 16:21:52 2010 -0400

    Change the make module26 to make module in the DKMS rules script.

commit c6f6de5489baf425446f88bb5ae4f43c49e779a9
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 21 16:05:58 2010 -0400

    Bart had pushed some changes into 2.6.27 I had not noticed, so fixing
    the changelog for 2.6.27.

commit 5c36321b178aa3bfc057f0d7b9654a0ded61ba0f
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon Jun 21 14:41:14 2010 -0400

    MAST: brainstorming some ideas for improving saref code

commit eee15d7af74c8dec0065ce0b0f03293e7b3eacb1
Merge: fa542d4 bc5b46f
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon Jun 21 14:39:32 2010 -0400

    Merge remote branch 'vault/master'

commit fa542d4451ef8820cc475f4eaaaa7c723d4b5608
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon Jun 21 14:34:16 2010 -0400

    MAST: remove iptables rules after SA is deleted

commit c29ca075350805856de613d019446ffc2175d820
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon Jun 21 14:31:18 2010 -0400

    MAST: cleanup updown.mast iptables rule management

commit ec619b97e6f31b556f923d924b1c49c198ca8647
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon Jun 21 10:23:07 2010 -0400

    MAST: rework mast init scripts to use conntrack
    
    this removes the overhead of scanning the IPSEC chain for each packet, but rather once per new connection

commit bc5b46f65867cc78a4eccd4b7cdd15b24069dcc2
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 21 11:27:00 2010 -0400

    updated release date of CHANGES

commit 7c7f73c4581f2b83e2de842809d281e00596a8e5
Merge: eade0ba 8111960
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 21 10:38:26 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 8111960fc422b0157b2daddcc9be2d5fe4a9b87d
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Jun 21 09:40:33 2010 -0400

    Converted some sprintf/strcpy into their safe versions with the right size arg.

commit 3c7aa402f510aeee3f911e41f4b02d02e2048f94
Author: Simon Deziel <simon at xelerance.com>
Date:   Mon Jun 21 09:23:55 2010 -0400

    Revert "Converted some sprintf/strcpy into their safe versions"
    
    This reverts commit 160062a5f20fce1486d93c0ad3c8e88dbaffef45.

commit 160062a5f20fce1486d93c0ad3c8e88dbaffef45
Author: Simon Deziel <simon at xelerance.com>
Date:   Fri Jun 18 22:54:26 2010 -0400

    Converted some sprintf/strcpy into their safe versions

commit 44ed284c1905362005fbf3be8f6070ff09ea4ef4
Author: Simon Deziel <simon at xelerance.com>
Date:   Fri Jun 18 22:18:05 2010 -0400

    Use the appropriate format specifier for size_t

commit cb67dee1e683043a06142b410c911f8b71895e52
Merge: 79c5b02 779465f
Author: Simon Deziel <simon at xelerance.com>
Date:   Fri Jun 18 12:21:49 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit eade0ba6e32e7464db3407dfc89b0d00474e2669
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 18 11:39:15 2010 -0400

    updated changes

commit 779465f8a2613712ad67806bde21857a07d5f2a8
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Jun 18 10:58:47 2010 -0400

    remove the extra comma from last commit

commit 50462fbff09268eab227195b121e43344fb673a7
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Jun 18 10:53:05 2010 -0400

    fixing one more esatype parameter being passed a sadb_satype
    
    openswan's SA-type number space diverges from the kernel SA-type API number space.
    
    in this case eroute_connection was being passed K_SADB_X_SATYPE_INT instead of ET_INT

commit 48e6bd3e88496281bbb40855916b2dc243f2f26b
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Jun 16 20:54:24 2010 -0400

    Use char array for name_buf instead of u_char

commit 79c5b0294e0f8135bd7f35757afc9491aee16a0d
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Jun 16 20:54:24 2010 -0400

    Use char array for name_buf instead of u_char

commit 2a3d98d74dbeee8a1f984ef2f472686aa4a7c887
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 16 23:35:44 2010 -0400

    updated changes

commit e57cb30b192f09a64c3d34841eed21ae7a3eb0d5
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Jun 16 21:13:26 2010 -0400

    Add some const qualifiers

commit 750b7ac8cfb0dac233396bb0a82550f80ef9eaa8
Merge: 511bf4c b30a228
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 16 17:16:58 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 511bf4c7a5b3916b2614eb705951f5c4cf438c62
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 16 17:12:58 2010 -0400

    updated changes

commit edd4ee49572f79222cab28a8003f2fb1b9acc49b
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 16 17:12:11 2010 -0400

    Fix two int vs size_t warnings in xauth.c

commit 96540c9612b5b4612bfaeb9a4eece07c60243020
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 16 17:10:57 2010 -0400

    Fix a signed vs unsigned warning in unpack_txt_rdata / adns_continuation in dnskey.c

commit ad8c75d950402918bf5c5dcbeafae344da4018e3
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 16 16:49:09 2010 -0400

    st->st_oakley.integ_hasher->hash_integ_len is an unsigned long int,
    not an int.

commit b30a228081bd857a9acb75c261304d8e98ad0145
Merge: 8fe7eaf bad4e1e
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Jun 16 16:47:15 2010 -0400

    Merge branch 'master' into simons-work-on-master

commit bad4e1ea23ec5061c800e99e377a3d565c655a5e
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 16 16:30:47 2010 -0400

    updated CHANGES

commit cae5af428a5182ed0f9d08e9979134703f1ce1b1
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 16 16:26:30 2010 -0400

    The encapsulation mode enum_names were broken, causing the rather
    strange message from spdb_v1_struct.c:
    
    	ENCAPSULATION_MODE_UDP_TUNNEL must only be used with old IETF drafts
    
    (where we would expect ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS instead)
    
    Since nothing else used these enums, this was not seen before.

commit facd4a6433a7cda2392e921f96fa3b2dd61a86ba
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 16 15:55:43 2010 -0400

    Remove duplicated defines for ENCAPSULATION_MODE_UDP_*

commit 8fe7eaf73578ec4026ddf4121ccfcdb0c29fed5f
Merge: ff98813 c85de61
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Jun 16 15:25:27 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan into simons-work-on-master

commit c85de61c40151211d7b6e949dfa8282c31dca537
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 16 15:00:53 2010 -0400

    updated changes

commit 4a8108df00ad2c592b931b2bd0ee6061c8eb992f
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 16 15:00:26 2010 -0400

    Updated addcon man page to document stdin can be used with --config

commit ff988134fb75cfbf6692737eb585ab8b073e9768
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Jun 16 08:23:20 2010 -0400

    Enable addconn to read config from stdin when called with --config -
    in a portable way.

commit 26b4341ddc3b2c21bc82e706a977d9aed3787ce6
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Jun 16 08:21:13 2010 -0400

    Revert "Enable addconn to read config from stdin when called with --config -"
    
    This reverts commit 5cd1277f0182d6f92329cd2006bc2317779ac8dc.

commit 5cd1277f0182d6f92329cd2006bc2317779ac8dc
Author: Simon Deziel <simon at xelerance.com>
Date:   Tue Jun 15 21:41:50 2010 -0400

    Enable addconn to read config from stdin when called with --config -

commit c73071f46c1f97051ab77c2d206173a2cdc384aa
Author: Simon Deziel <simon at xelerance.com>
Date:   Tue Jun 15 19:53:14 2010 -0400

    Remove the fdatasync(STDOUT_FILENO) as stdout does not support being synced (returns Invalid argument)

commit 066b2b27ff4ee4e737cd3c6d0a588792352f47e3
Author: Simon Deziel <simon at xelerance.com>
Date:   Tue Jun 15 19:03:50 2010 -0400

    Use the macro STDOUT_FILENO instead of the fd 1

commit 4651715fc468e74aba789ebae93ac47d5ee8bda7
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 15 14:40:55 2010 -0400

    Wrote man page for ipsec addconn. Removed cvsids.

commit 5abca5be1c87bf71f1b8e0710f257aa9918493fc
Merge: 277f98c 1e1a8e0
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon Jun 14 15:00:36 2010 -0400

    Merge remote branch 'vault/master'

commit 277f98c842f5b4b2251c1a53cb43cdd28b8eee2f
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon Jun 14 14:22:46 2010 -0400

    permit overlapping IPs for tunnels, if config permits it
    
    With the new saref changes, it's possible to set up overlapping segments
    in tunnel mode.  This allows pluto to create these sessions.

commit 7cee77018ddb81b3b4142f9e4858382bc7a27865
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon Jun 14 13:57:40 2010 -0400

    use -n to iptables -L when purging IPSEC table

commit 1e1a8e009ce60dc6fa97ee470eda0c061baf9ab2
Merge: 20b0439 87efc04
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 14 13:53:59 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 20b0439d33460331a44aece550483ed9d98634b4
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 14 13:53:03 2010 -0400

    Added README.havestatsd

commit 434dfad67ed055c64cf755680a93af18b5234706
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon Jun 14 12:55:12 2010 -0400

    fix typo in overlaping ip error message

commit 87efc042e4ea2eebb58ec794404ebdce7c93ae2b
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Sat Jun 12 01:06:21 2010 +0200

    remove obsoleted doc-base

commit 56b2cb812e6a2d9833692c5be923319b80d7c822
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Sat Jun 12 01:01:19 2010 +0200

    removed obsolete kernel-patch-openswan.* files

commit c15ae14c60e90ea1f2d1bccf02dff5078447f309
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Sat Jun 12 00:58:07 2010 +0200

    remove obsoleted openswan.templates.master

commit 7171745ae20c998dceda11c97901795414822a70
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Sat Jun 12 00:33:44 2010 +0200

    modified rules file to build debian package with correct upstream version number

commit 4824e348200dd4ac03f40addd8996ae76c734995
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Sat Jun 12 00:29:24 2010 +0200

    added "unofficial package" line to README.source

commit 3c59ea1f6e757dfe5753d37d60b6ec38b1540361
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Sat Jun 12 00:28:07 2010 +0200

    added "unofficial package" line to README.Debian

commit aa7dcb5b850c6c14ea9917f0c0ada60447dafd0d
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Sat Jun 12 00:26:37 2010 +0200

    moved changelog to changelog.in, prototyped and copied it to changelog again

commit 77a5873adfd0f036651536b67aecca7343ccc4bc
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Sat Jun 12 00:23:12 2010 +0200

    moved NEWS to NEWS.in and prototyped file

commit a0d2cb795eb36f75719bfb4e7121d309d137689c
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Sat Jun 12 00:21:52 2010 +0200

    removed obsolete changelog.debian

commit 5d03737f35eab4be32a97ba92a8574c5be0ea221
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Sat Jun 12 00:20:18 2010 +0200

    removed patch as it is obsolete since #1055 is fixed

commit 8c11bd6420516b1e7a94d403bf02c5306a0d0e29
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Jun 11 15:31:54 2010 -0400

    ixs->status is not always available, don't crash if it's NULL

commit 0da923b05592e475979b808f38ae5ab207c867ff
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 10 23:30:39 2010 -0400

    re-ordered some changes entries

commit bf1b28febcf51343ad5b977f4bb5f073192b0096
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Jun 10 22:34:04 2010 -0400

    Make 'ipsec verify' display colors on Ubuntu that lacks consoletype

commit 02e84eb845d449f5cdec8a43882e27b7c0f055bc
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Jun 10 19:24:02 2010 -0400

    Fix the bad "%4:" in ipsec.conf example files (even in testing/scripts/readwriteconf to avoid copy/paste error).

commit fab4d68f54040f150c5f58df4ba3d1c17879ded0
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Jun 10 19:17:35 2010 -0400

    Make the "auto" directive match the comment in the example files.

commit a0bdb3fc3546fc908eaaf74df7d5aae5535cafe0
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Jun 10 18:08:29 2010 -0400

    Cosmetic fixes for a few man pages

commit 5f226b96d963c07c42b313b195783605fb0b93de
Merge: 083b5c0 948c03e
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Jun 10 15:31:03 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 083b5c065721ff513860f276ee91d3000ccf7a0f
Author: Simon Deziel <simon at xelerance.com>
Date:   Thu Jun 10 15:30:08 2010 -0400

    Correctly expand the acronym CA to Certificate Authority in man pages.

commit 948c03ed62d3b53c3e635f1c03d3cb5ffb4254ec
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Jun 10 10:15:50 2010 +0300

    Fix formatting.

commit 5be7e47283567781fd3f8208cae1e1b95e1bbfa6
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Jun 9 23:53:50 2010 -0400

    updated CHANGES

commit 4057e7ba74cc898b0ef9dcfdf8d5a9d4525f90ef
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Jun 9 23:53:27 2010 -0400

    Remove the obsolete _confread script.

commit 99ffd1c448e496e976ef43594fb007cd87d88156
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Jun 9 22:46:03 2010 -0400

    updated CHANGES

commit c985c957dd1bfb5180c5054934e82b31b43e49a0
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Jun 9 22:29:43 2010 -0400

    Correct the creation of the directory /var/lock/subsys.
    Set a default value for IPSECsyslog in setup to avoid logger errors.

commit 0bed72f0fcb07b15d22ed0082681c57ccf7182d2
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Jun 9 17:32:37 2010 -0400

    Fix a typo in Makefile's PHONY declaration (uinstall -> uninstall)

commit 5fdefab21690a33787dc7d689acf6a65456b2c2d
Merge: 45b8411 8bfa429
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Jun 9 16:19:58 2010 -0400

    Merge ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 45b84112c263408ccdd52c593748e4606f3c2b72
Author: Simon Deziel <simon at xelerance.com>
Date:   Wed Jun 9 16:15:24 2010 -0400

    Remove the now unused folder fswcert.

commit 8bfa429786f307f32313c48b009cf86bd04140d2
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 9 15:49:48 2010 -0400

    updated CHANGES

commit 51d5c7aa474d7ca27c642db57621b9fde077c16a
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 9 15:49:18 2010 -0400

    regenerated man page for ipsec.conf

commit c3a5223beb65dc3e1ea45175d35e1ef29406612e
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Wed Jun 9 15:42:57 2010 -0400

    I have attached a patch to solve an issue in which pluto was crashing
    when remote_peer_type=cisco is configured. The issue occurs only with
    "remote_peer_type=cisco" without affecting any other functionality. The
    issue occurred because in general pluto assumes that there is
    only one "spd" policy associated with a connection. However, when
    remote_peer_type=cisco is configured, there can be more than one policy
    (required for split networking) leading to multiple "spd" policies.

commit 98adeffaa58d98c581c79f3d1cb95467561a8112
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 9 15:39:53 2010 -0400

    Fix for bad policy when remote responding peer is behind NAT.
    (bug #1106)

commit 2ab60cf8eada7908cf5581a1e9abc559e05cd327
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 9 15:37:35 2010 -0400

    Per default, allow ALLOW_MICROSOFT_BAD_PROPOSAL to enable connecting
    from/to Win2003 behind NAT.

commit 28773f864c1ffa461a73d01bac1bd567d979a3fd
Merge: 77321a6 90d30a8
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 8 12:22:29 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 77321a65b382aeeca708cbcb70b38f974ddf041c
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 8 12:21:52 2010 -0400

    added missing versions to CHANGES, ordered them by date. Added datestamps
    to release header

commit 90d30a85989ca03627d909ee4f8134ea0e77cfd3
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Tue Jun 8 13:05:18 2010 +0200

    correct umask of vi.po (Debian error, mea culpa)

commit 8c251075356329a9248b6640aa0ef9e99aa5088f
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Jun 8 10:27:53 2010 +1000

    Unresolved externals if SAREF not in use
    
    guard the use of ipsec_mast_init_saref and ipsec_mast_cleanup_saref
    with CONFIG_INET_IPSEC_SAREF as per elsewhere.

commit eb64a3b368bb92ef03c258d209493800b0397f46
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Mon Jun 7 12:15:00 2010 -0400

    Import debian/ from Debian.

commit a9ee01273c4e4f60db55e6e6dae852033e0f3c20
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Mon Jun 7 11:17:44 2010 -0400

    Update debian/rules from Debian. Drop the now useless "-fno-strict-aliasing".

commit 59a4893a49165f5fc1013d89bf51431d1bdc29fe
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Mon Jun 7 11:07:10 2010 -0400

    Fix many man pages containing bad TH and NAME and misc. Thanks to Jari Aalto.

commit 7cbf1eadbcb04fe57913b4e1015adaad896d6bc9
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Mon Jun 7 10:46:11 2010 -0400

    Fix groff warnings in auto man page. Thanks to Jari Aalto.

commit 2c10a61129f6996cba12cc47455be7a65f9c182c
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Mon Jun 7 10:41:02 2010 -0400

    Fix groff warnings in eroute man page. Thanks to Jari Aalto.

commit cb1329a2f263fbc339bd4c93fb287f5a6301dbae
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Mon Jun 7 10:30:15 2010 -0400

    Fix some typos and groff errors. Thanks to Jari Aalto.

commit 2084ed6bf8959bb14c21b03b5a26583d914dcbe1
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Mon Jun 7 10:26:36 2010 -0400

    Fix a typo in barf man page. Thanks to Jari Aalto.

commit a85614a374a321d156629c02f8bfb6da444950fa
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Mon Jun 7 10:24:38 2010 -0400

    Fix a typo in _updown man page. Thanks to Jari Aalto.

commit 06e088b796453d05b9f30728a65efe4639895669
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Mon Jun 7 10:14:35 2010 -0400

    Fix some typos in the lwdnsq man page. Thanks to Jari Aalto.

commit ec516c286d41d270495f8be1d73af551ecf98888
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Mon Jun 7 10:11:39 2010 -0400

    Fix a typo in the ipsec.conf man page. Thanks to Jari Aalto.

commit 8abe01ab574c66486a4e9a61d612d3c30dfd1da8
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Mon Jun 7 10:06:28 2010 -0400

    Remove UTF characters in _updown man page. Thanks to Jari Aalto.

commit f19d23d4d58b5f2e186c8f8b4ab43432f1e0e62f
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Mon Jun 7 09:54:51 2010 -0400

    Remove UTF characters in rsasigkey man page. Thanks to Jari Aalto.

commit cb73704f114e16c37ccb887bcd87836e50003198
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Mon Jun 7 09:45:53 2010 -0400

    Update Debian init script. Thanks to Jari Aalto.

commit 82d2489db7f0a615a91ca9b9f6317b99cff6d59c
Author: Simon Deziel <simon.deziel at gmail.com>
Date:   Mon Jun 7 09:24:19 2010 -0400

    Update Debian translations.

commit 56103e0ebf29aa421b2eb5b97dad420e0547c6f0
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon Jun 7 16:08:52 2010 -0400

    SAREF: set sk_saref on tcp connect()'s SYN skb

commit 06bc52c0f6c47a430e0558b9e34e84a4e412d714
Merge: ba574eb 6d78d94
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon Jun 7 10:52:53 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit ba574ebc8d6c8ed26f99d286fb395f01581a0857
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Jun 4 18:07:06 2010 -0400

    SAREF: klips registers via saref interface
    
    this is done in an attempt to decouple the saref patch from klips code, and thus make it
    possible to build klips as a module

commit 1cbc535a40a2a4d6292f2908c52c0b1cd60b1609
Author: Bart Trojanowski <bart at jukie.net>
Date:   Sat Jun 5 01:57:25 2010 -0400

    SAREF: improve saref interface to not depend on KLIPS

commit abdeef23d7e1a9727a746980e18dfbce0f54cdf7
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Jun 4 16:17:58 2010 -0400

    add 'diff -ruN a/foo b/foo' lines to generated patches
    
    ... this makes vim syntax highlighting and folding happier

commit 36f00d0b438d6e647f4af3f837e97197d447fbe6
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Jun 4 16:17:11 2010 -0400

    hand craft klips patches to make them less picky
    
    this patch makes patches applied on net/Makefile and net/ipv4/af_inet.c
    contain a bit less constraint on the context into which they must fit.

commit 980af01f4850ba256effd30a2b97e282269feafa
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Jun 4 11:31:48 2010 -0400

    openswan.git to klips.git patch export script
    
    This script will generate, apply, and commit saref/klips/natt patches.
    At this point it probably doesn't work on all kernel versions.
    
    Example:
    
        patch-git-kernel --saref ../linux-2.6

commit 6d78d9489f42a386da8de51ef81d848e3e7657d9
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 4 16:33:34 2010 -0400

    updated changes

commit 7b1428658bfbe936ab8e1638c2e492590c1f8593
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 4 16:29:44 2010 -0400

    Shinichi Furuso noticed that alg_info_addref()'s in
    unshare_connection_strings() were not guarded by #ifdef's, while
    alg_info_delref()'s were guarded.

commit bdc1e8eec7a32554eca120dedb0bb66c49db8416
Author: Shinichi Furuso <Shinichi.Furuso at jp.sony.com>
Date:   Fri Jun 4 16:25:11 2010 -0400

    I notice there's a reference count issue in pluto/connections.c.  So,
    there's a case that pluto grows too large.
    
    In pluto/connections.c:
    - unshare_connection_strings() clones lots of strings, but alg_info_ike
    and alg_info_esp are not cloned. It increments refcounts of them.
    - add_connection() and instantiate() also increment refcounts of
    alg_info_ike and alg_info_esp by itself, but add_group_instance()
    doesn't.  All of them call unshare_connection_strings().
    - delete_connection() decrements the refcounts by one.
    - alg_info_ike and alg_info_esp are not NULL when its configuration has
    esp= or ike= lines.
    
    To reproduce:
    ipsec.conf and a command are as below, and you can see pluto consumes
    lots of memory.
    -- ipsec.conf
    config setup
          plutodebug="control controlmore"
    conn test
          authby=secret
          left=x.x.x.x
          right=%any
          esp=aes-sha1
          ike=aes-sha1
          auto=ignore
    -- command

commit 37ce8331ef05ee879bbe7db0984cfbca97969664
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 3 12:38:19 2010 -0400

    Change the default protostack in ipsec.conf to "auto", which will first
    attempt netkey, then klips, then mast.

commit 8f72426ae5f992908583f51b4bcc3962484ffb88
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 2 12:31:06 2010 -0400

    cleanup old commented passert() line

commit 2ef38f39661f060af434cc75f02cf30c6e4c146a
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Jun 2 14:33:15 2010 +0300

    Update changes.

commit eb5c6257e5763fb49265c32abb0deefa97a60f80
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Jun 2 14:30:38 2010 +0300

    More comment cleanup.

commit 4c817355e1032bbb4dafd2599ce9d0399f612310
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Jun 2 14:23:07 2010 +0300

    Source code comment cleanup to C-style.

commit 054b506e5d5ff04c89c67462187205551add1bd2
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 1 10:42:11 2010 -0400

    regenerated ipsec.conf man page.

commit 94b3a05c01c9b8ca05ed58d51e221b2024933937
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Jun 1 09:53:54 2010 +0300

    Use proper C comments.

commit bd9dcf537a1dc405a2da8f84ac6df3cb78858c29
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Jun 1 14:02:35 2010 +1000

    Fix warning from multi-defined IPSEC_SA_REF_MASK
    
    Just comment out the ipsec_sa.h version for now.
    It's also defined in openswan.h

commit 26380a21375c5a994c00c67b68b365d03bffa7a6
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Jun 1 13:24:37 2010 +1000

    Update statsd comment to openswan-statsd
    
    Fix comment to match current state of the nation.

commit 40de211d8402cff46306895bd8d9c3f133815c84
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 31 22:23:43 2010 -0400

    updated changes

commit e3af8f228c04543b8b9139a2c80eba2569fdc65a
Merge: be448ab 590418c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 31 22:22:16 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit be448ab177d63f24acfaf34610ea0f7d4c0810f2
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 31 22:22:03 2010 -0400

    update changes

commit 590418c4764129f82978d997b54e19fa4a066718
Merge: 962a1a7 5d86438
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Jun 1 12:21:27 2010 +1000

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit d87bc0cf7eddbbb39546f0dac628973cf2154077
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 31 22:20:31 2010 -0400

    change the name from /bin/statsd to /bin/openswan-statsd to avoid
    using namespace that is too generic.

commit 5d864380505ab53893d2340a83858e932826187c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 31 22:16:07 2010 -0400

    Log the nfmark instead of the saref with HAVE_STATSD to make it easier
    for other code to work with the mark.

commit 48164efb0b800ef619e90d225928ee0062941ba2
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 31 22:09:28 2010 -0400

    Fixed typo in openswan.h. IPSEC_SA_REF_MAASK -> IPSEC_SA_REF_MASK

commit 962a1a7baa446c7a1d7d2bb4c5399fe3c998e97d
Merge: 0c792c7 9dfa4df
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Jun 1 12:08:50 2010 +1000

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 0c792c76b3b86d230a2d18f6fcf012e664ee3b89
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Jun 1 12:06:52 2010 +1000

    Working klips on 2.4 kernels
    
    A few small updates that get klips working on 2.4 kernels.
    
    Cleaned up ipsec_kern24.h usage,  it is now only used on 2.4 systems
    as the authors intended :-).

commit f9a606dacc735592f984b3547553f1b294dd9050
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 31 21:58:02 2010 -0400

    update changes

commit 9cd66c2c3cdf34efa585708eb8f0aa0b91b5e1cd
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 31 21:57:07 2010 -0400

    updated aggressive mode man page.

commit 43f674f3bdd6d20421502fc8664ab915cb098641
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 31 21:44:35 2010 -0400

    Allow multiple transforms in Aggressive Mode, if the DH group is the same.
    Patch by Michael H. Warfield <mhw at WittsEnd.com>

commit 3b08003597d6d24913dce1d880d512daf2253010
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 31 21:42:35 2010 -0400

    updated changes for SAREF items.

commit 9dfa4dfe5e03be3a0ae5025509dc9b0a581382a7
Merge: 4051023 cedb89c
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon May 31 20:40:42 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 4051023e5fda54dc9ac8cd12303e0b850d419008
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon May 31 12:26:01 2010 -0400

    sarefnc: use IP_IPSEC_BINDREF to "bind" socket to a SAref

commit 94429f011efd1a17d7c160795b427c64d2683867
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon May 31 20:40:20 2010 -0400

    SAREF: add kernel patch that adds IP_IPSEC_BINDREF

commit 355807976b4ad4ba09ce53417da17d3c50197d59
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Jun 1 10:23:42 2010 +1000

    Removed unused innersrc from ipsec_xmit_state
    
    We assign it,  but never use it in any way.

commit cedb89cc6fb2bb0053044325efeccc2bcac0e805
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 31 19:17:27 2010 -0400

    updated changes.

commit f35fb13085411de5a05fc03fbd651fc9dfae181d
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 31 19:15:06 2010 -0400

    Log the saref him/me with HAVE_STATSD=true

commit dc967f515f3ed7db73904809fadc86a6a78ea269
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 31 17:21:50 2010 -0400

    updated changes

commit 6c4e62c3dce52e3d72f8c5f6ba59f5d1d6eb501f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 31 17:18:10 2010 -0400

    run load_oswcrypto before trying to read rsa keys in showhostkey.c
    Patch by Kevin Locke <kevin at kevinlocke.name>

commit 7f84ca90ac15dfc832dad8ec77098d95afccb10f
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon May 31 12:25:13 2010 -0400

    SAREF: add define for IP_IPSEC_BINDREF in openswan headers

commit bf9ad9fa4f343b00fe607d1e49939b018e5328ca
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon May 31 10:44:42 2010 +0300

    Update changes with Bug #1110 info.

commit 9096983f4de13d52b99c6b71eab9e1764cdb57ce
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon May 31 11:52:10 2010 +1000

    Removed unused KLIPS_EXCEPT_DNS53 code
    
    Discussed on the dev mailing list,  this code is not compiled in, is
    unmaintained, and as best we can tell,  not needed any more,  so get rid of
    it.

commit f4854603cf3e09daa7325d9a1098ed115f28e66d
Merge: b0ed093 c283b20
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri May 28 19:09:00 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit b0ed093ac419d3d693f92c131bb7a7ef7a8558ec
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri May 28 18:28:26 2010 -0400

    sarefnc: add nc variant that's IPsec SAref aware

commit ff73cf03c732608498d72a52c08408ff1f32fa69
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri May 28 14:48:51 2010 -0400

    sarefnc: import netcat v1.10-38 from Debian

commit f4b28144fbc9b04ea77d1a7bf92f38e68881a8ac
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 28 11:43:33 2010 -0400

    updated changes

commit cdac2271709eacf1598f1afd7f1d58c0c8cc60fb
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 28 11:42:10 2010 -0400

    Remove the af_inet.c hunk from the SAref patch, as it is part of
    the klips patch.

commit c283b203ac751d7f9b2ea767eb16697c53fe82a4
Merge: ab5d0b1 7e88104
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri May 28 13:33:00 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit ab5d0b1fecd5a9a45a789a1cadbe57e550fc03e1
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri May 28 13:30:48 2010 -0400

    MAST: don't double free skb if there is no SA

commit 7e88104e6dca0d250c7393ea1bdefb84dc42a728
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 28 11:43:33 2010 -0400

    updated changes

commit 033c47304e7abbeab49f359b8ac7355889c06894
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 28 11:42:10 2010 -0400

    Remove the af_inet.c hunk from the SAref patch, as it is part of
    the klips patch.

commit c78001974df9dbe3b0bf477cda04a85a480a23a0
Merge: ca38df6 506b1b0
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri May 28 11:20:09 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit ca38df611f55cdef128d48ac2cc7aaf3c31c2be0
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri May 28 10:37:56 2010 -0400

    MAST: try harder to reset nfmark after encapsulation
    
    Ideally we'd like to pass the packet to netfilter, but it seems to
    cause more issues.  This patch makes sure that the nfmark with
    a top bit set that came from a mast device will have the nfmark reset.

commit 506b1b0c1ca03a4695f7428fd9db5f1357166324
Merge: a4f8334 1321dbd
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri May 28 18:04:01 2010 +0300

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit a4f83345f9150498c1c14c6b008f692a2b939756
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri May 28 18:03:26 2010 +0300

    Update changes for #1101 fix.

commit 1321dbd34258aedd13c2f02162173f28f11a6633
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri May 28 10:17:17 2010 -0400

    MAST: check for mast source before routing
    
    Once we change the skb->dev we can no longer figure out that we came from a mast device.

commit b9edf80afd729693d5643dbaecaf81ce6278b7d7
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri May 28 16:29:02 2010 +0300

    Added ports to Bug #1101 fix logging.

commit 217f34cf9dd1984b958bdf26731a47bb12b3188f
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri May 28 15:53:42 2010 +0300

    We have a bug somewhere in the code where NATD port of remote
    gets applied to protoport port of host. Happily it only seems
    to affect natted transport mode so we can undo that corruption
    here. This corruption of that_host port selector port is random
    so we couldn't find the place where it happens. This is work-around
    for Bug #1101.
    
    Patch by Mika Ilmaranta <ilmis at foobar.fi>

commit 7cd507a8dc1b59d813dcb0d54e3799c868b456f7
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed May 26 19:12:39 2010 -0400

    MAST HACK: don't pass encapsulated packets through netfilter

commit d93ed5bb0fc057c13b5923502e102e0b2f3e3043
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed May 26 19:11:41 2010 -0400

    MAST: reuse the old ispsp unconditionally when in mast mode
    
    mast mode here is detected by having a ZERO said.proto, which would never happen otherwise

commit eeb4193188d384060efa1e57f8eba39cee49edee
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed May 26 18:58:15 2010 -0400

    MAST: reset skb->nfmark to avoid encapsulation recursion
    
    an encapsulated packet with a magic nfmark would be forced through mast0 again,
    and be encapsulated endlessly

commit 0c48f4afc13d9bf5486b5dfb719b9baaaa69cf3a
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed May 26 18:58:59 2010 -0400

    cleanup reference counting on net_device's

commit f799004288cbf6fc0675458c42a166dd5732aa59
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed May 26 19:12:20 2010 -0400

    be wary of endless recursion

commit 6793e43951a99b623581d767901bc3e8c562a7b7
Author: Bart Trojanowski <bart at jukie.net>
Date:   Thu May 27 22:49:53 2010 -0400

    klips.git to openswan.git patch import script
    
    This script will take changes made to a klips-patched kernel git repository,
    and import them into an openswan.git linux directory.  It may someday also
    update saref patches, but currently fails if presented with such an option.
    
    The basic operation would be:
     - clone a linus/ubuntu/etc kernel tree using git
     - apply klips/saref patches as normal, but create a commit when done
     - hack and commit in that kernel git tree
     - then use this script to import klips changes to openswan.git
    
    Example:
    
      klips-patch-import --kernel ../linux-2.6 --head some-branch -n 10
    
    ... above would import 10 most recent patches made in the klips git tree
    on the 'some-branch' branch.

commit 41f1674d684c828b5f973c96840d22d7123ae21e
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Fri May 28 00:12:15 2010 +0200

    spelling fix

commit 01c5e8cc3b32c1e8ab71cabed59cba44e7d467cc
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 27 10:06:14 2010 -0400

    ipsec.conf.5 had to be regenerated for new nm_managed option.

commit b6ca364a68a3a73b50094105658b2a8b15b4661c
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed May 26 18:06:46 2010 +0300

    Update changes.

commit 1bb50197ce6b4e57e969fef0c44b4eeb0af5ca89
Merge: cfea167 cb9c527
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed May 26 18:01:57 2010 +0300

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit cfea1673b655b9ad32344895ebf9128436ea8503
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed May 26 18:01:35 2010 +0300

    Update changes.

commit 2e5baf458a1623271843ab60adb8863e1865dab5
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed May 26 17:34:32 2010 +0300

    Update changes with correct bug number, #1096, not #1032.

commit cb9c527de3435eb3432ff74ddca89277acab95f7
Merge: 00a2f45 9a8b855
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 26 09:42:12 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan
    
    Conflicts:
    	CHANGES

commit 00a2f45786721e13cf809740052bddf8db455172
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 26 09:40:36 2010 -0400

    updated changes

commit 151200168da86066eef51ad7a3925debaa5ae29a
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 26 09:38:34 2010 -0400

    Remove check for "valid RSA key" in ipsec verify. It's pretty bogus
    as an error, since there are so many setups without a raw RSA key.
    This resolves #76

commit 9a8b855bd15ce6b22094f60996bc4b1e92892fb2
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed May 26 15:55:49 2010 +0300

    Update changes.

commit 7388cae753406dd7e43664b7eb376c70d0902124
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed May 26 12:22:51 2010 +0300

    Update changes.

commit c0749d5ef5f02e461dd065fcf0153de8e35914f7
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed May 26 12:20:39 2010 +0300

    Fix checks for virtual_private to do something meaningful.
    Cleanup formatting of source code.

commit a18db05a5c0f1352305371d8d5ab4ec56f8a7451
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 25 18:24:22 2010 -0400

    Updated SAref patch for the 2.6.32 kernel.

commit fba1ca7089974810d548e126cc28346a11fc0f55
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 25 17:25:42 2010 -0400

    updated CHANGES

commit 39aa9c6d6d22dd458da8ea1c0319795f8fd0960c
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon May 24 20:37:04 2010 -0400

    execute startklips when protostack=mast is used
    
    this is particularly useful for klipsdebug=all

commit dd9265cb3ce7d4c6392fa711d35ee6677e2a88c7
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon May 24 20:28:21 2010 -0400

    cleanup errors generated when klipsdebug=all is used

commit 89015416323e204ad83d8fdd27d15f37ea79f041
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon May 24 13:14:02 2010 -0400

    avoid crashing when ixs->dev is null at delete time
    
    This will happen if we don't have an SA that matches the packet,
    and possibly under other failure conditions.
    
    Signed-off-by: Bart Trojanowski <bart at jukie.net>

commit 99634880325f6ca2b2c88143a53a66f44d95e635
Author: Bart Trojanowski <bart at jukie.net>
Date:   Mon May 24 16:56:10 2010 -0400

    ipsecX route metric fix for Ubuntu 10.04
    
    on startup, ipsecX route would have a metric of 0, but the systems' route for
    the real device would have a route with metric 1.  That means, that as soon as
    an SA with that route was initialized, no packets would ever make it out on
    that route.
    
    This commit will detect a case where another route exists with a non-zero
    metric that matches the spec assigned to the ipsecX device.  If that route
    is found, it will be moved to a higher metric than the other routes.
    
    At this time only Ubuntu 10.04 is known to create system routes with metric
    of 1.  Other systems should not be affected by this change.
    
    Signed-off-by: Bart Trojanowski <bart at jukie.net>

commit 981f1611ab69df43f839ca9644e2155f12bc9b58
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 24 12:52:03 2010 -0400

    protostack=mast was not set properly after the autopick changes.

commit e83b58045a26e9c7cb6afbdddb38b4b21ca398b0
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun May 23 11:06:50 2010 +0300

    Use safer way to check for PLUTO_NM_CONFIGURED.

commit 8b5f9d99964e6c560b053097741a46e474ccdbbc
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun May 23 11:00:55 2010 +0300

    Simplify logics for PLUTO_NM_CONFIGURED in _updown.*.

commit 0cbe13284ed3f383a20cfe3065d66f4001c928e1
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun May 23 10:34:06 2010 +0300

    More cleanup to DPD logging.

commit 6fb0a1cf727a2c52003d52f5a74eae0ddc5dcde1
Merge: f1cbe4d e864b77
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun May 23 10:25:39 2010 +0300

    Merge branch 'master' into tis-fixes

commit e864b77db69c2e07f968e52c1943b1b7699b181d
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 21 18:40:33 2010 -0400

    Patch for when USE_NM is disabled. resolv.conf was not getting updated [Avesh]

commit f1cbe4d22b5e67e9863a9fdb7a9bd847b62a6cf7
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri May 21 14:10:56 2010 +0300

    Update changes.

commit 522bb1a38f44a52d0541efd439dd045d948c84a4
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri May 21 14:09:37 2010 +0300

    Clean up DPD logging.

commit cf87bd7b2d7d258a06eb54a3ebb8be9f32d9c1c2
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 20 17:24:29 2010 -0400

    Remove the "funk" stack scaffolding. It was never implemented.

commit 328d4df18b72be36aacabc23dd61a58c27e3dd89
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu May 20 23:22:15 2010 +0300

    Add missing ";".

commit 81a8e0eb785f9725bb554535e08acf6677382d65
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu May 20 23:10:15 2010 +0300

    Fix wording in debug logging.

commit 09937a1b190d89ff881e7fcd6fecc44677ae8ddf
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu May 20 23:02:27 2010 +0300

    Give better debug logging when we hide client with transport mode.

commit 6bb067744b310b17938157250db7ce1d370e85ad
Merge: 4e75a1c 7f8af96
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu May 20 21:12:56 2010 +0300

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 4e75a1cac72e4168e3dff874896743b3bf02a618
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu May 20 20:48:37 2010 +0300

    More cleanup to new #1004 fix.
    
    Changes by Mika Ilmaranta and Tuomo.

commit 7f8af9613fbc091732a6c0e5d3825009e127449d
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 20 12:11:10 2010 -0400

    Fixed PLUTO_NMCONFIGURED -> PLUTO_NM_CONFIGURED. Spotted by Avesh.

commit 4d8df78ffcf3608a93ac6e08c64d2f2eed667897
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 20 11:14:29 2010 -0400

    Fix for man page generation introduced a few commits ago with
    merging in the nm_controlled feature.

commit 7c333233533709d8c5bbd55526bae15c27271a6c
Merge: 45851d3 79c173d
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu May 20 15:31:15 2010 +0300

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 45851d36fc74e487f513c15082f80c0205e3d4da
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu May 20 15:30:23 2010 +0300

    Update changes.

commit 3f6764eccba597960f5b33428946058b1acf9377
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu May 20 15:18:43 2010 +0300

    New fix for bug #1004 and #1085. Original fix for #1004 was incomplete
    and wrong and caused natted road warriors to fail on rekey.
    
    Patch for the issue by Mika Ilmaranta.

commit 3d1eeba953f565e130af4945bbaa1a3c89e97f98
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu May 20 15:16:27 2010 +0300

    Fix comments to show correct values for proto in examples.

commit a80f3be41caf43ffd0f2f487433d279c6d46aeef
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu May 20 14:39:37 2010 +0300

    Remove broken bug #1004 fix.

commit 973f56f36dd94519203390b96c5db93672f7c638
Merge: ddfe0ef 6ba4379
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu May 20 13:11:05 2010 +0300

    Merge branch 'master' into tis-fixes

commit 79c173d2e82000a84541a88715d89190203f5faf
Author: root <root at thinkpad.xelerance.com>
Date:   Wed May 19 19:49:09 2010 -0400

    updated changes

commit f4cb08dc5423eb7c7488a73b26df5de62b0d0e5c
Author: root <root at thinkpad.xelerance.com>
Date:   Wed May 19 19:46:10 2010 -0400

    Support for the option nm_managed=<yes|no> or directly using the
    whack --nm_controlled option.
    
    Currently, setting this to yes will cause openswan to skip
    reconfiguring resolv.conf when used with XAUTH and ModeConfig.

commit a0b9c4cd201a79e1ffe7764d9bbb13617acea78b
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 19 17:24:10 2010 -0400

    updated changes

commit 3615e17463ae0469e519a3f01b09815d9b1e784f
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 19 17:21:58 2010 -0400

    Support for remote_peer_type= in the whack interface and remote
    banner support (Cisco). Patch by Avesh Agarwal

commit d72f1d7f3d005cbde45d4ba5e829214d8973c6ee
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 19 13:42:14 2010 -0400

    remove RCSID

commit 6ba437934ad1f543048b8041318c8a8d789c7d45
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 17 14:15:05 2010 -0400

    updated changes

commit 79d01c494e4713be7e6e0a6f5c1a5d460870b138
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 17 14:13:37 2010 -0400

    Updated SecureClient patch for CheckPoint hybrid mode by Yair Elharrar
    in contrib/

commit 8196d3b67a138d8d801fec68652d3a546d86028b
Merge: b25fc60 c22943e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 17 10:28:59 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit b25fc60a51e994cc4d8a259d0222fc4a48dfbac3
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 17 10:28:46 2010 -0400

    updated changes

commit 538d472cb29c10ddc99770fa4a2229fbef977db0
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 17 10:27:13 2010 -0400

    Use correct offset in ipsec_rcv_ah_decap. Patch by Wolfgang Nothdurft.
    This is bug #1094

commit c22943e720699335858ee72e614c5e667968920d
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon May 17 13:11:58 2010 +0300

    Revert "Don't set virtualwhy for non-virtual conns - it might match!"
    This wasn't correct way to make vhost:%no work.
    
    This reverts commit 46384b91d30a5b550fa125e8c15aaafee61e930a.

commit ddfe0ef284dadb566b96dcfa27da3ab4b723519a
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon May 17 11:44:39 2010 +0300

    Minor satype -> esatype cleanup.

commit da58ecab470d05025cad68c950276ec0a275c9f5
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon May 17 11:25:00 2010 +0300

    Update changes.

commit 1990a7ca3b08085fdfc194477608807d5625d694
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon May 17 11:21:44 2010 +0300

    Fix mixup of proto and transport_proto in comments.
    This will likely break bsdkame interface which had things mixed.

commit 5f8f2148d28e13730b7dd469aa2b4fb8c9acdbc9
Merge: 46384b9 886c61c
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon May 17 00:26:41 2010 +0300

    Merge branch 'master' into tis-fixes

commit 886c61c3880ea89d4de72f78c0a86d66d91c059b
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon May 17 00:09:25 2010 +0300

    Fix typo in virtual. Patch by Mika Ilmaranta.

commit 46384b91d30a5b550fa125e8c15aaafee61e930a
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed May 12 15:03:33 2010 +0300

    Don't set virtualwhy for non-virtual conns - it might match!

commit 604cb6d52487d41107f323d15eb7d47bea2727e0
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue May 11 15:51:55 2010 +0300

    Fix debug logging of find_host_connection2.

commit 7e1a7effcd8a1e4ec1f664967fdca0b548d73671
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 11 01:47:56 2010 -0400

    update CHANGES

commit 1f1283674a2ac2ce601c9ef05540f2c4a1c6ec79
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 11 01:47:06 2010 -0400

    Compile for NETKEY without KLIPS fails with missing symbols #1104
    Patch by Hentry N.

commit fe078e7d3a2e84ea049a224f77bc0b7f8380012f
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 11 01:44:42 2010 -0400

    Don't assume we use KLIPS on Linux. Patch by Hentry N. (#1104)

commit 0825743900f2a1f13bda0a4a2e7e743288b6747a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 11 01:42:32 2010 -0400

    buildfix for showpolicy.c when using gcc 4.5 by Paweł Zuzelski

commit 2f52c160fca80e35b8156238ada96412ce55a01f
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 11 01:41:35 2010 -0400

    buildfix for showpolicy.c when using gcc 4.5 by Paweł Zuzelski

commit 8235ebb272fca3fcaa733009c65cdd67a30e3ddd
Merge: 30ca6a7 fbd0b1d
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 11 01:39:52 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 30ca6a796e50d6d127b18c077c8c13578724470a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 11 01:38:36 2010 -0400

    updated changes

commit 33e116268cd7d7f838eb811893b0621c4c964cd4
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 11 01:35:11 2010 -0400

    Fix for gcc-4.5.0 warning on enum comparison. Patch by Paweł Zuzelski.
    Confirmed by dhr.

commit fbd0b1dc420eac978838f9aba207b83e4d5b6b93
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon May 10 15:58:33 2010 +0300

    Add plutodebug=nattraversal back for compatibility with old configs.

commit a68cbad944bf111c5e17c2ef2fa470259596a141
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon May 10 15:45:12 2010 +0300

    Update changes.

commit e00e90f20e66b663a0756f177e8beae97c5aa55b
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon May 10 15:42:14 2010 +0300

    Fix name for plutodebug value to be natt to match whack option --debug-natt.

commit b79b9d8a67e29ae7df923c03e5ad05c7e2e806cc
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 6 11:12:27 2010 -0400

    Some changes to the auto-pick kernel code based on David's patch.

commit 7dd6c40eb33d44ee89d92ad118b4302a5fb566b7
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue May 4 13:49:09 2010 +0300

    Update changes.

commit 08019d5a9e616f878dfaf0a435ff3ed22ac70427
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue May 4 00:18:30 2010 +0300

    Update changes.

commit 54c7ce95f4225abf66a61a7e18c1fe519ea8c1ee
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 3 17:12:02 2010 -0400

    updated changes with bug# for ASN1 fix.

commit 3dcb025f5df4b71581420ac6082d9720dbeea587
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 3 16:25:14 2010 -0400

    updated changes

commit e821ffc13aad42ddecd96c6990dd47ed9ae759fd
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 3 16:23:46 2010 -0400

    Fix for certificates expiring after 2038 on 32bit machines [Andreas Steffen]

commit 0ce654bcb1f566599fdb0b6b4ef6f88109316294
Merge: c885bdc c32bbae
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 3 15:12:17 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit c885bdcf6db877c6aabfab9f1dda5c171911e164
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 3 15:11:16 2010 -0400

    - README.nss was not shipped when building with buildnss=1
    - certutil dependency was missing when building with buildnss=1

commit c32bbae6c7995a3464676f312f2cf6f6e67c3842
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon May 3 17:27:24 2010 +0300

    Update changes.

commit fa46065b18f44bba86820dea82aed2b30ea35f9f
Merge: 5deb30b 19015e1
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon May 3 12:02:38 2010 +0300

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 5deb30bc71bf281ee8037c662560773d6b772c48
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon May 3 12:00:53 2010 +0300

    Update changes.

commit 403c022c46d846f7b028c8504e723cc8a5e1d2bb
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon May 3 11:16:22 2010 +0300

    Get trap handling back from v2.6.24 and remove testing workaround for
    acquire rekeying.

commit 19015e166faab1e3f1c458289519a90f75fa5c38
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Sun May 2 09:07:49 2010 +0200

    added changelog entry for %prompt

commit 0ede307846e15d2d8f82affbfba7695abfd7ce6e
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Fri Apr 30 16:40:55 2010 +1000

    Fix formatting
    
    Fix the formatting from e5b9b8c147957e51ce8560280c18caaccb73c5cd :-(

commit e5b9b8c147957e51ce8560280c18caaccb73c5cd
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Fri Apr 30 16:31:53 2010 +1000

    Fix assertion failure when removing routes
    
    In delete_states_by_connection:
    
    ASSERTION FAILED at .../programs/pluto/state.c:691: sr->eroute_owner == SOS_NOBODY
    
    kernel_interface was left set to AUTO_PICK even though USE_KLIPS had been
    selected by the code.  Note sure if this actually affected netkey or others
    but it may.
    
    This change makes sure that, once an interface is selected,  everything points
    to that interface being the one.
    
    This was a subtle side effect of fdfb59b413eec432969014762ceb847ef7e5e9a4 :-)

commit 48c709ae189ebaeae032395c78a3ced7a4bf96fb
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Apr 27 10:40:32 2010 +0300

    Fix CK_PERMANENT rekeying exception more readable.

commit 0e19cbb3f668d6bb019519584b74d150a37fb05f
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Apr 23 22:08:18 2010 +0300

    Clean up quick fix.

commit 3f5394bfa4701df8c2e1ff7018ea05f06354b094
Merge: e0d2b88 f77cc13
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Apr 23 10:19:14 2010 +0300

    Merge branch 'tis-fixes'

commit f77cc13bcee8f3cc5f08df9417d4b25306877bec
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Apr 23 10:01:35 2010 +0300

    Fix rekeying CK_PERMANENT because of spurious acquires.

commit e0d2b88bb5ffef8890f22bd50f049ce50e0a2851
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Apr 23 00:20:28 2010 +0300

    Update changes.

commit 30f88be14ed2db15bcf617c94757f0ea1e329290
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Apr 23 00:11:43 2010 +0300

    Fix previous change so it might work with klips.

commit 42e9ba4cd79187d0fe32ae6c1e29cf7e2ef7f916
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Apr 22 12:42:43 2010 +0300

    This commit reverts changes which did fix spurious tunnel rekeyings
    because of netkey acquires. But unlike those work-arounds this
    change removes reason for those commits by always returning with 0 from
    initiate_ondemand_body. And those reverted changes broke on-demand tunneling
    by %hold state.
    
    If we return with non-0 value bare shunts are left behind and never
    cleaned away causing invalid hold eroutes on netkey.

commit 1df47ef9d68aa5ed09cea6d05c1ba79c13f719c4
Merge: b6dd203 44854d9
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 21 16:51:41 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan
    
    Conflicts:
    	CHANGES

commit b6dd203c7c53315cd00b5f6f3bfb0fb009c84bb8
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 21 16:50:39 2010 -0400

    update changes

commit 732cbee06cad4880cde72bf218d8e94dc9cf1d5d
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 21 16:48:38 2010 -0400

    Fix for compiling without XAUTH (introduced with remote_peer=cisco support)
    Patch by Thomas Geulig

commit 86739b97dc41f9c9424ff4726375a9eecb8ecb20
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 21 16:40:15 2010 -0400

    update changes

commit fdfb59b413eec432969014762ceb847ef7e5e9a4
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 21 16:39:14 2010 -0400

    Fix for protostack=auto when KLIPS or NETKEY is not compiled in.
    Reported by Thomas Geulig.

commit 44854d941000bc82792fc0bba856a6ea289ef0d9
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Apr 16 22:43:50 2010 -0400

    update changes

commit 51be4e95e34014e9180ecf68a7c1a77038f6c71d
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Apr 16 22:08:51 2010 -0400

    Call _startklips for the mast stack as well as the klips stack

commit 1a3dd4ef9b62e1e0489cdc53c19e30a570dd39b6
Merge: 67fb91a d950ed0
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Apr 16 21:34:40 2010 +0300

    Merge branch 'tis-fixes'

commit d950ed0ffb93ac882ed42c7ef68f03236dbea377
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Apr 16 21:23:09 2010 +0300

    Use return instead of setting work = 0; and continuing.

commit 5cb55bb24b058cc094f3a8e2a45f5272e37a93db
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Apr 16 20:27:19 2010 +0300

    Handle CK_PERMANENT.

commit 67fb91ab866b1235bccd69d0f99c1405dcf2843b
Merge: faf6c59 ee7476c
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Apr 16 10:13:16 2010 -0400

    Merge branch 'fixes'

commit ee7476c8c9be98ea39a7a347977e7a2a45b8d9aa
Author: Bart Trojanowski <bart at jukie.net>
Date:   Sat Apr 10 23:06:22 2010 -0400

    permit klipsdebug --set all
    
    that's what is called when someone sets klipsdebug=all in ipsec.conf
    
    Signed-off-by: Bart Trojanowski <bart at jukie.net>

commit e54ba22f4d232e39648b0b50eb7cd895973c306d
Author: Bart Trojanowski <bart at jukie.net>
Date:   Sat Apr 10 20:40:37 2010 -0400

    gnumake doesn't have an 'else if' directive
    
    this fixes the following warning:
    Makefile.inc:308: Extraneous text after `else' directive
    
    Signed-off-by: Bart Trojanowski <bart at jukie.net>

commit 8cf6253096a4dca0ee9b0fa80e9759dedf7c4e8c
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Apr 10 15:37:01 2010 -0400

    Two more sections with missing #ifdef NAT_TRAVERSAL

commit 7da486d9f0ac11b25a8d8e157c299347427e55fe
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Apr 10 15:32:01 2010 -0400

    Some nat_traversal code was not properly #ifdef'ed

commit cbf7fb2e3c9e197812f9932e6f05515ed2c4ad67
Author: Bart Trojanowski <bart at jukie.net>
Date:   Sat Apr 10 15:31:13 2010 -0400

    work around the fact that OSX doesn't know anything about K_* satypes
    
    Signed-off-by: Bart Trojanowski <bart at jukie.net>

commit dc8f4b31abf00b8a8699a65b938b2099a9e61014
Author: Bart Trojanowski <bart at jukie.net>
Date:   Sat Apr 10 14:27:51 2010 -0400

    when we ASSERT, show where we asserted
    
    before an assertion would always get logged in the passert_fail() function,
    but it's much more useful to see where passert_fail() was called from
    
    Signed-off-by: Bart Trojanowski <bart at jukie.net>

commit e1b6fdff0fa18a2723a2f2aafa0ec8006d42019b
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Apr 9 21:16:19 2010 -0400

    fix eroute_type to satype conversion for pfkey
    
    This is a rework of 9fc2e74c61aa5c861eeeee0b71d4003c47df53eb.
    
    Before these changes the type assigned to SAs would use ET_* numbers
    instead of K_SADB_SATYPE_* numbers.
    
    Added eroute_type_to_pfkey_satype() to do the conversion and report
    proper errors.
    
    Signed-off-by: Bart Trojanowski <bart at jukie.net>

commit faf6c599b93c386bee3ecdff58c20da71ca81d5e
Merge: 1b4e322 95b24aa
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Apr 16 17:07:29 2010 +0300

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 1b4e32231c9a7a0854e8b8aecec2cfc26deb4356
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Apr 16 16:33:10 2010 +0300

    There is already a tunnel negotiation going on, do nothing.

commit 12d3d1d6b66509cb9ed5dc09b7075f690c86db4b
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Apr 16 10:24:36 2010 +0300

    Fix for Bug #1087 acquire messages cause invalid policies to be inserted.

commit 95b24aaa748a819852beaf74783d0b08f6ad60be
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 15 13:03:25 2010 -0400

    don't use assembly crypto code, not even on i386 CPU's

commit d9cd1c05f657e95e2b14520535bf5dfe7674daf0
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Apr 14 13:25:13 2010 +0300

    Update changes.

commit ebf312414e76c723806ad936961253f898a97293
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Apr 14 13:21:58 2010 +0300

    Port David's fixes for new ET_* interface to netlink.

commit ada80a0b1c7a79b80a715fcdd53e947352ce02bc
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Apr 14 15:59:27 2010 +1000

    Fix pfkey error on tunnel deletion
    
    The following error would appear when running "ipsec auto --down tunnel"
    
        003 "tunnel" #14: building of pfkey_msg_hdr flow eroute_connection replace with shunt failed, code -22
    
    This was due to some more missing esatype/enum eroute_type changes.

commit 4f9428a5ce6ab60d5795005fb4b590c732f23247
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Apr 13 21:15:04 2010 +1000

    Fix up eroute_connection for klips
    
    The eroute_type changes were not complete causing errors trying to eroute
    a connection leaving tunnels stuck with a phase1 and no phase2.

commit 914e8d9fc3c1f5d4c3925a3a6519aefe088a887c
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Mon Apr 12 19:45:09 2010 +0200

    changed displayed strings when prompting for user/pass

commit ebf01a3852c8260225a351480cdb1bb44a3da775
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Mon Apr 12 19:25:48 2010 +0200

    re-enable prompt for encrypted private key files

commit a833562eb40936c63aa10bc20fe703b98256a9a1
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 7 15:44:23 2010 -0400

    SUSE 10.3 includes a ip_hdr() backport.

commit 2fd17cb82eeb93919877dae12fdea74136f1728a
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 7 15:42:05 2010 -0400

    include interrupt.h for local_bh_disable() on older kernels without
    linux/asm/softirq.h */

commit cfb97bc79dcaf9b29ed7f3e65f373313b884c767
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 30 14:33:57 2010 -0400

    updated changes

commit aece4c8c4d41418f0243eec816eec029526502bb
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 30 14:31:30 2010 -0400

    ipsec_xmit_send didn't care about the mark of the skb, when calling
    ip_route_output_key(). Therefore configured ip rules are ignored for
    routing decisions and only the main routing table is used.
    
    This is bug #1096 Patch by Wolfgang Nothdurft

commit f9e7c8ffa19451b3e3d8459084f153276a67bc7e
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 30 14:04:18 2010 -0400

    update changes

commit 5231295f8ca93deeea41975bcdb1dfcfcd92c6e6
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 30 14:03:27 2010 -0400

    Feature #1035 - Allow specifying interface name, eg left=%ppp0 [Martin Schiller]

commit f33edc6fb93362d1c8fed0aa08b0be975a3c6dbc
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 30 13:58:43 2010 -0400

    updated changes

commit 8015155e2ea2a8e3551ecdad17d18d67961b7a4a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 30 13:54:50 2010 -0400

    Workaround for #1093 enc alg=0 not found in constants.c:oakley_enc_names

commit 34c90dd60589be206a6e595222db5c64ede623df
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 30 13:46:14 2010 -0400

    updated changes

commit cd28b961aa98801b1e995391cb80e4928b345e8f
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 30 13:37:26 2010 -0400

    Fix for representation of the configured and used algorithms in
    ipsec auto --status [Martin Schiller]

commit 68ba0527a63b8130ef5193175101da9bedbb2fb6
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Thu Mar 25 02:44:21 2010 +0100

    more typo fixes

commit 562ebd103ae4e35dc38c39d5adbabfe89d3afe7c
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Thu Mar 25 02:36:41 2010 +0100

    fix typos

commit 1ba3aac518b8b7b403b79da557daa6ceb5b77b00
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Thu Mar 25 02:36:14 2010 +0100

    fix double installation of manpage

commit 485d690d9c322e2e8f6e13b1c0fc737cb9242b26
Merge: 60f48fa fb975d3
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Tue Mar 23 20:31:59 2010 +0100

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit fb975d3ea9a00d22a3162e4315592d179983e683
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Mar 23 21:15:41 2010 +0200

    Update ipsec.conf man page.

commit b4649329d737036de0c330c1d215e1bcdf4e7003
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Mar 23 21:12:45 2010 +0200

    Fix ipsec.conf man page to use new syntax for dh group stuff.

commit 3f82b1d909356f8e9d377bccec0a90da759c4661
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Mar 23 20:51:10 2010 +0200

    Fix merge and one typo in Makefile.inc.

commit b8e1ebdaf7709cb919bc33e04cffaec24f4be755
Merge: 73ae8de ea3fd9b
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 23 13:47:50 2010 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 73ae8de98bccebc22cb38e85d0bde0fec4accb8f
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 23 13:37:13 2010 -0400

    updated changes

commit 1d7df56ca6b6009809da1b240f9488cc63357f37
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 23 13:36:51 2010 -0400

    RFC-5114 Diffie-Hellman group 22,23 and 24 support [Avesh]

commit ea3fd9b60b13b84dc36205e4e2b22adeeadcd7e7
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Mar 23 14:43:15 2010 +0200

    Update changes.

commit 77183b01b72a4b18271bcafbc997f0edb0b631a9
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Mar 23 14:39:41 2010 +0200

    Update changes.

commit 3e7501685e61908b9dbb2b15af2c62fdc7d20ef2
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Mar 23 10:41:06 2010 +0200

    Update changes.

commit dacb3df4d9c83a470c9459940c1d75dddcd794f5
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Mar 23 10:34:58 2010 +0200

    Revert "Ignore a warning due to a bug in nspr that would otherwise abort the"
    
    This reverts commit 49252a804869c62b07856e095c851e618f91e5b1.
    
    Checking for this warning has been disabled on makefile. And this change
    causes compile to fail with gcc < 4.2 with -Wall -Werror.

commit 60f48fa6753a0aabb5f22c8bea35f6b702740d16
Merge: ebd0cf2 488ab89
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Mon Mar 22 08:48:48 2010 +0100

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 488ab897e9f632591d71881f1f71cd673a165a04
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Mar 22 14:47:29 2010 +1000

    Changes for linux-2.6.33 + skb_dst cleanup
    
    .ctl_name has changed names on newer kernels.
    SOCKOPS_WRAP and SOCKOPS_WRAPPED have disappeared from the kernel.
    inet_sport/inet_dport name changes
    Clean up the skb_dst mess while there.
    
    David McCullough <david_mccullough at mcafee.com>
    Greg Ungerger <gerg at snapgear.com>

commit b8af668471ec7a9842f9a591167ff888caac3e83
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Mar 22 14:39:05 2010 +1000

    printk_ratelimit is a macro in newer kernels
    
    Make sure we don't extern it in that case or we get errors.
    Greg Ungerger <gerg at snapgear.com>

commit ebd0cf2cdccaaca643c7a07b0a954ffaa0c635c9
Merge: f5448bb 05270fa
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Fri Mar 19 21:04:56 2010 +0100

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 05270fa881821201fc16a4e75145cfc884a7ebe7
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Mar 19 10:14:33 2010 -0400

    updated changes

commit 3115ee293218c4028127800eddd125389ce3944c
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Mar 19 10:13:27 2010 -0400

    Add support for obtaining Cisco DNS and DOMAIN settings when acting
    as an xauth client. Requires remote_peer_type=cisco. Patch by Avesh

commit a54e09756a6b211f1d4b398f22842eeac27a1d80
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Mar 19 10:09:09 2010 -0400

    Fix ESP_NULL_AUTH_AES-GMAC -> ESP_NULL_AUTH_AES_GMAC

commit 5153797051ee27f62966c237d0691bdb81c81792
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Mar 19 09:55:10 2010 -0400

    Cisco sends us a ISAKMP_CFG_ACK when we expected a ISAKMP_CFG_REPLY.
    For now allow either, though this should be verified by the proper RFC's

commit f5448bb14d7d25e0df57bc220a9ee07ba2c0f9f3
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Fri Mar 12 20:36:50 2010 +0100

    fixed three other occurrences of #!/usr/local/bin/perl

commit 1d0483cc6a400277419cbac3281f8b8abbd171cf
Merge: 5996214 1489a12
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Fri Mar 12 20:28:51 2010 +0100

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 1489a1212d01ddb373459da41df7ca73732147bd
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Mar 12 12:08:16 2010 -0500

    perl really lives in /usr/bin/ not /usr/local/bin since about oh 10
    years?

commit d1318a0657dcc805efbba175eacb000c0fcf9013
Merge: 2fb21c1 77256dd
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Mar 12 12:06:09 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 2fb21c1b7b5adc02b67c89b2bdf1c17419177ee7
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Mar 12 12:05:11 2010 -0500

    updated changes

commit 3b80971b601c8fbba5511f2a59580a308f5bde21
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Mar 12 12:04:28 2010 -0500

    Added missing ESP transform ID's from IANA
    (See http://www.iana.org/assignments/isakmp-registry)

commit 467bc06e7388e823110647fbdabae60fd784eedb
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Mar 12 11:57:35 2010 -0500

    containe -> contain

commit 518216590cc25e6213b9a68896d9441fc48804c6
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Mar 12 09:32:40 2010 -0500

    Fix for log message on Aggressive Mode [Michael H. Warfield]

commit 4078addbb1bf2cf0c515193ea5248ae2e8e3da31
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Mar 12 00:17:18 2010 -0500

    Fix for leftid=@[foo] notation (key = foo key_id_type = KEY_ID)
    patch by Michael H. Warfield

commit 59962148341a056ddfdb9d39338714ec8e6334ce
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Mar 10 22:54:30 2010 +0100

    spelling fixes

commit 29f5a6af4db2794b8e91146edb6cadb71dab211c
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Mar 10 22:54:00 2010 +0100

    insert #!/bin/sh

commit 77256dd405d847ff640cdd7d452bf8d8f6dbe5d4
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Mar 10 22:40:15 2010 +0100

    +x for shell scripts

commit f56e8bf38c71c17a37adcdbdb77297adab0356ec
Merge: b2193ae 467312e
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Mar 10 22:10:45 2010 +0100

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit b2193aecf5e7c66688b7eeec38481eb20ab0b4fe
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Mar 10 22:10:13 2010 +0100

    -x for normal files

commit 467312e794f2eb574c67064518177bfbd725dc78
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 10 16:06:32 2010 -0500

    regenerated ipsec.conf man page

commit 91ea8d786ffe1d9b9a285d0e2711966752d066df
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 10 16:01:12 2010 -0500

    updated changes

commit 9857fab874688a4c1f3fb219d68330ead91df363
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Mar 10 21:56:28 2010 +0100

    yet another spelling fix

commit de89100bf6d1b566bca4bd728464d84a870b06db
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Mar 10 21:53:38 2010 +0100

    another spelling fix

commit b07db001e9a028a3a8d81a7e647426cc591f94c5
Merge: 59fbc83 60cbb63
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Mar 10 21:50:54 2010 +0100

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 59fbc8391b6f9c3b4d06c406753eb31f91fe38aa
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Mar 10 21:46:57 2010 +0100

    another spelling fix

commit 60cbb63890480a9d961dcddac56c8c67406280bb
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 10 15:45:42 2010 -0500

    Added bugzilla# to changes

commit 1e42ad660227119c962a92e0cf31e9c8c4faa6f6
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 10 15:38:22 2010 -0500

    updated changes

commit 52033d19df4fb828fe07adf7830f8bd9c3f90985
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Mar 10 21:38:18 2010 +0100

    some spelling fixes

commit c2bcbed0d74dbd77a4c3c7b42ab756032af905e5
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 10 15:35:28 2010 -0500

    Support for USE_TRANSPORT_MODE in IKEv2 [Avesh]

commit 90d92177c26ad012de5907f2febda2781593cd6e
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 10 15:33:42 2010 -0500

    NSS uses threads by default. the pthread and plc4 libraries were being
    linked implicitly. [Avesh]

commit ab0931b5215a41b99a3130b4d45ecad8f99e5e21
Merge: 5bd8aa4 a230591
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Mar 10 21:19:15 2010 +0100

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit a23059186088938c91c1fc174c3d3bb72409e4ee
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 10 15:00:42 2010 -0500

    updated ipsec.conf.5 man page

commit f8ffcf27e9702f973222b9ee245a7288ec2f264b
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 10 14:54:43 2010 -0500

    Added note on Aggressive Mode and multiple proposals to the man page
    entry for aggrmode=

commit 6476808605407b99bcf238fa23c05603a6eba0ec
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 9 18:49:43 2010 -0500

    Regenerated _updown.8 and rsasigkey.8 on Harald's request

commit 5bd8aa4c1d68cf0ee56c5ed9c0ac2fb68d9eb615
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Mar 10 00:37:36 2010 +0100

    fix invalid characters in xml-files (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464620)

commit 90a1a83a0dca5883bed479b8aaa0f4fcdaf9b0ff
Author: Harald Jenny <harald at a-little-linux-box.at>
Date:   Wed Mar 10 00:23:32 2010 +0100

    fix possible bashism in _startklips (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530155)

commit 85457ef101994a1e7e78332707f2bb6c34b5a5b3
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Mar 4 20:42:41 2010 +0200

    Update changes.

commit a8eb84909187246ec42124f2fbbc5bf4df2f0497
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Mar 4 20:41:24 2010 +0200

    Re-generate ipsec.conf.5 man-page.

commit 931bc17117e110621a94079305433761a9aebfce
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Mar 4 13:55:56 2010 +0200

    Add missing LSB header data. Default-Stop: 0 1 6 is really needed.

commit f4f9f8313456d53a14d9d2081ae01819e60e2b72
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Mar 4 13:43:22 2010 +0200

    Fix man page to list correct default, ikev2=permit.

commit c99b46f7532616f15777b96e13f67fb48ff081ca
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Mar 2 15:56:46 2010 +1000

    Fix the spelling of rekeying

commit 79dc84302b7f7ffb88c6749dfcb4c303097dbda8
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 1 20:52:39 2010 -0500

    updated CHANGES

commit cbb19a7f825e092951410c0fbcf4538b64ffccc1
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 1 20:51:44 2010 -0500

    When finding hardware random, not only check for rngd but also the
    alternative clrngd daemon.

commit 7c567c43699958f2850b95368d12a085cc879892
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 1 16:11:17 2010 -0500

    updated changes

commit a330447516b715ef061dd85d20362c61e6d7b070
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 1 16:10:28 2010 -0500

    Fix for hardcoded hmac 96 bits length [Avesh]

commit 7c661e8942999b80f4a41df04285994310fc6184
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Feb 27 13:47:28 2010 -0500

    In out_modify_previous_np the passert for NOFFSETOF_isa_np needs to allow
    ISAKMP_NEXT_HASH as well [Albert Veli]

commit a137dbf9998a94be3c1d3c9db0fb5fc035e06d08
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Feb 27 13:43:59 2010 -0500

    NOFFSETOF_isa_np should be 16, not 8. Found by Albert Veli

commit f70a5aaaee24075bb2f4b3458b7939396b6fff31
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Feb 27 13:17:10 2010 -0500

    Add support for pluto_updown for deb based systems.

commit e2517c5664a1b2d7d712fdcf3d777a9847b4b615
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 25 22:00:11 2010 -0500

    Harald doclifted ipsec_set_policy.3 and ipsec_strerror.3 xml files.
    man pages regenerated with xmlto.

commit 23d8784f47585c08d34b790666718e23c6e9e7ad
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 25 21:22:25 2010 -0500

    Added Default-Start: and Default-Stop: to setup.in

commit 5466b541f12771ad28cb55f5bebbf7b2dbecceff
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 25 21:21:22 2010 -0500

    Some more regenerated man pages

commit da62088a5f5265ae9946f9b24fc81ace73e2d8aa
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 25 21:13:05 2010 -0500

    Regenerated spi.5 and spi.8 man pages with newer xmlto and deps.

commit cc0b4a0c626e672f50e6980c609e437e37672723
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 24 15:36:56 2010 -0500

    Delete bogus man page files (they are renamed from spi.?)

commit ab13f8573ddbae9859823726bbadd3a1ce2a5009
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Feb 24 15:10:53 2010 +1000

    Fix oops when driver doesn't support all header ops
    
    Handle the case where the device below us does not support all header ops.
    This needs a better solution IMO, but this will hopefully get us by for now.
    
    I think it might be better for us to report the same ops as the device below us.
    At least until we have a better imp.

commit 00ed7490af2e9adc1a936d38693c872cea1e87ba
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Feb 24 11:52:11 2010 +1000

    Fix bad bare_shunt entry that breaks tunnel routing
    
    When the kernel asks us to instantiate a tunnel, but we can't, we
    mistakenly leave an acquire-pfkey hold in our bare_shunts table. This
    causes us to make bad erouting decisions later when the tunnel comes up.
    (bspp != NULL in kernel.c:route_and_eroute when it should be NULL).  This
    causes us to replace a non-existent route instead of add a new one,  thus the
    error.
    
    Tunnels get stuck nearly up,  acquire-pfkey holds will show in
    "ipsec auto --status" but there is nothing in /proc/net/ipsec_eroute.
    
    Look for a K_SADB_X_ADDFLOW error in your syslog, errno -14, Bad address (EFAULT)
    if you think this is affecting you.
    
    This is related to c2ae7e0c89e42a7e6d7137f83d798e4e4e56789d,  and its
    predecessors.

commit 6cebcb2a0fff487dc0c22a5fb9f1e18f3b4812ee
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 18 20:36:25 2010 -0500

    David enabled the NAT-OA code for USE_KLIPS in commit 8fea49d98fa,
    but the mast stack should also use this code. Added a check for USE_MASTKLIPS.

commit ab37bb92191bdfbf5b87a265e74ac823774d5ccb
Merge: 21d0782 74d7c96
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Feb 16 18:21:21 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan
    
    Conflicts:
    	CHANGES

commit 21d078240700e6121aaba66e1463f3b4da711360
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Feb 16 18:09:07 2010 +0200

    Update changes.

commit a9f4673868aee049dd6024eb2be2b57ee0990a8d
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Feb 16 18:07:05 2010 +0200

    Add better comment about use of _updown.netkey.

commit 591c1f41ca80eec6368b64c7ec0fc3d8b2d69382
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Feb 16 18:04:01 2010 +0200

    Minor cleanup to _updown.netkey Makefile.

commit a93a04db8158fcd35ce7d3da36b0e83c6c109d1b
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Feb 16 17:56:48 2010 +0200

    Fix removal of route in case of multiple default routes.

commit 74d7c9672c1189c0461c8077bd7e71f97b20de73
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 15 15:33:23 2010 -0500

    updated changes

commit 8385f4fb4bc8d5d9cb65cbfd8175bf445821aad5
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 15 15:31:16 2010 -0500

    spi/spigrp/tncfg blindly assumed KLIPS. Give nicer error output [Avesh]

commit f7b0348a0e97bea9014601635ce0584720d3682d
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 15 15:29:55 2010 -0500

    Do not store XAUTH password in a variable if read from the prompt.
    It could have been a one-time token or typed with a typo. [Avesh]

commit 61e60f95e3786a125084bdd66b5794864b199289
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Feb 15 10:22:54 2010 +0200

    Update changes.

commit 85a6d1b38fe8373508cd6a6eaea374763378d843
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Feb 15 10:17:52 2010 +0200

    Don't start openswan by default. LSB and chkconfig defaults were different.

commit 4fc8bc9eebb91a98b6e541c7c0ee166cd7988ec6
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Feb 15 00:32:26 2010 +0200

    Revert "Add again fix for bug #888 which was fixed in 2.4.12 but got lost."
    
    This reverts commit a5c2e00a815ccd45ba0359b39dcbcd7d469edda8.

commit 371e0684db913622a68d6212405d92f52b3cef45
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Feb 15 00:31:56 2010 +0200

    Revert "Use ET_UNSPEC."
    
    This reverts commit cbdace0f957a37d8778f6da8908b21a96ed40ae5.

commit cbdace0f957a37d8778f6da8908b21a96ed40ae5
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Feb 12 20:50:42 2010 +0200

    Use ET_UNSPEC.

commit a5c2e00a815ccd45ba0359b39dcbcd7d469edda8
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Feb 11 22:21:02 2010 +0200

    Add again fix for bug #888 which was fixed in 2.4.12 but got lost.

commit be7390e3e79992ab225c4fd66ec1d426568b494e
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 10 09:45:30 2010 -0500

    updated changes

commit 5ad0823a1700d7d56847c53425e07357786cd98a
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 10 09:44:39 2010 -0500

    Fix for unloading klips module on latish kernels [Ronen Shitrit]

commit 6ff1235e976fd12b151ac0994456a7bd9f0d39e1
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Feb 10 22:05:39 2010 +1000

    Disable auto skb_dst_release to fix icmp_send
    
    2.6.32 contains a change that means skb_dst() is released
    before KLIPS gets the packet.  This prevents KLIPS sending
    icmp errors (ie., receiving a DF packet that is too large).
    
    Problem and solution identified by Ronen Shitrit.

commit 22e784b21fc505c6bdec6482c9e12b4663372a4c
Merge: 1f03faa 8e2baa1
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Feb 8 19:23:25 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 1f03faa64d5f37338a07b381630fd1a8c9b023b8
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Feb 8 18:57:49 2010 +0200

    Add copyrights.

commit 8e2baa1b159d157b0a366375fcc132ad73ddd407
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 8 09:50:54 2010 -0500

    Add the case ET_IPIP: for kernel_bsdkame.c as well.

commit 2eb7692374cb60485b959057bd3656e37c305627
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Feb 8 12:22:55 2010 +0200

    Fix NETKEY to work again after inclusion of GSOC OSX code.
    ET_IPIP is not invalid case. It's tunnel mode ipsec.

commit c363527e62d0138d50fe127d8dc71c76814ea7c9
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun Feb 7 21:02:59 2010 +0200

    Fix typo in changes.

commit 47788d36b6750fdcbff479bc02fb0e036ae9ea56
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun Feb 7 21:00:48 2010 +0200

    Update changes.

commit 6c8584bce4752a13e27a2c0ae80adf4c69d4582d
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun Feb 7 10:42:24 2010 +0200

    Cleaner fix for autorestart issue.

commit c92e14055ec1042131c474e7c605a983a4a9342f
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun Feb 7 00:57:02 2010 +0200

    Update changes.

commit 8f53a1c38b5a581d765d17f16361a305f39e6020
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun Feb 7 00:51:31 2010 +0200

    Fix pluto to automatically restart after crash.
    This bug was introduced by commit 71539c4e8308763c32d74c55d01b93091169dfb7.

commit 8b829945f86a813d6a823e86f5ba8f6ff4b4590f
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Feb 5 14:51:01 2010 +0200

    Update changes.

commit 40100c207aa556d1cdf7e73bb041860b10e648db
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Feb 5 13:30:09 2010 +0200

    Use pfkey_remove_orphaned_holds on netlink too.

commit 25aee021e8a5f11e4f56d3766045b40d318d7f86
Merge: 7ff1d7a 65ca0cb
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 4 21:17:42 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 7ff1d7abc574eab8c3a8f83b91292415a92d825c
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 4 16:15:42 2010 -0500

    Abort sending I2 in IKEv2 before we hit the continuation function
    if no ISAKMP_NEXT_v2AUTH is found in the R1 packet.
    It saves us a DH exchange, and should prevent us from entering the
    rehash_state() function, causing us to crash on the passert.
    Though the reason for that crash is still unknown, since we haven't
    traced it yet. [paul/dhr]

commit 65ca0cb35d056d515e701b69aac95ea41770531e
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Feb 4 15:03:21 2010 +1000

    Fix oops on held packets
    
    Do not call output_dst on an skb that does not have a dst yet (requires
    ip_route stuff to have been done and we have done nothing on a held packet).
    Push it back through with dev_queue_xmit instead.

commit 9e0dd33057e634bb3477cef8a2b44a15c6c0e9a6
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Feb 4 10:39:35 2010 +1000

    Add locking for PRNG
    
    Fix possible PRNG corruption due to re-entry,  problem found by
    Shinichi Furuso.  The locking is a bit of a hack,  but it's better
    IMO than polluting the code around calls to prng_bytes.

commit 338ab2e4bcc9d5f93a6bd843830191d259f41fc1
Merge: 9546f23 91ae52f
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Feb 3 21:45:20 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 9546f239fd9f02f0b50a2aa200923d60cab5c148
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Feb 3 21:43:54 2010 +0200

    Make sure we include resolv.h instead of arpa/nameser.h.
    resolv.h includes arpa/nameser.h on modern systems.

commit 91ae52f10973c44f58db0f37bf8b555256f23183
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Feb 4 00:43:23 2010 +1000

    Correct locking for SA tables in pfkey interface
    
    The pfkey interface was not protecting itself from the rest of the klips
    stack (tdb_lock),  which may result in corruption of the SA tables or worse.

commit 88bc11b1579db71330a6da9f860cadf98f1dae51
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Feb 4 00:29:23 2010 +1000

    Fix possible auth corruption due to static data
    
    work_space was static and unprotected meaning re-entrant calls
    would corrupt the SHA1 result causing auth to fail on packets
    amongst other possibilities.

commit 688b8866984f83d8e9b4d243d594384a3ee8f831
Merge: b1c8ded e5b4fa6
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Feb 3 09:27:35 2010 +0200

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit b1c8dede724e2ac5fe4296a58b268e49e06ee340
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Feb 3 09:25:30 2010 +0200

    Fix IPSECVERSION to match change to master branch. We are not in gsoc branch.

commit e5b4fa6375f93ae9d9a90f2f45e7fdc54193eeac
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Feb 3 15:26:26 2010 +1000

    Fix KLIPS_IP_SELECT_IDENT usage on newer kernels
    
    Make sure we have the skb->dst in place (ip_route'd) before we call
    ip_select_ident (KLIPS_IP_SELECT_IDENT) otherwise we get kernel trace
    to say things are less than ideal and performance is killed.
    
    Also cleanup KLIPS_IP_SELECT_IDENT definitions.  It's also in ipsec_param2.h
    but it really should be moved to ipsec_kversion IMHO.

commit 62bd9b6c3ce7a4f76bfe47d1e2b74774ba0e5b84
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Feb 3 13:59:44 2010 +1000

    Stop the queue when we are overloaded
    
    Fix up klips to play nicer with the stack by stopping the queue
    (return NETDEV_TX_BUSY) when we can no longer take any packets
    and restarting it once we can.
    
    This helps a lot with flow control through the stack back down to the NIC's
    in high throughput scenarios.

commit c008d88c092927856004d1ec082e75a8eaca3a33
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 2 12:09:05 2010 -0500

    Undo the accidental setting of the install options to OSX when we
    merged in the #osx branch

commit 5f8e7cab3aa3825b1151453b62252b1d424da78b
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 2 11:00:04 2010 -0500

    Move kernel_pfkey.[ch] into its own PFKEYv2_DIST_SRC / PFKEYv2_OBJS
    variable in the Makefiles to avoid double including when building
    with both KLIPS and NETKEY support.

commit 397ba754d4e3a5bdf29768de7e8009deebf32a95
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Feb 2 21:33:10 2010 +1000

    Clean up use of skb_dst_drop
    
    No need to check for skb->dst==NULL, skb_dst_drop does that for us.

commit 9cfb162a323d42f0d0f4b3357a6b35528a0b6a01
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Feb 2 21:24:37 2010 +1000

    Reduce code overheads when debug is off
    
    Do not call expensive debug routines when debug is not enabled.
    satot and friends can slow ipsec throughput dramatically esp. on
    embedded low end systems.

commit eb03a66017c676df5fa988ab5ded936671257121
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Feb 2 21:22:42 2010 +1000

    Fix tcpdump on ipsecX interfaces
    
    We need to hook up the header_ops so that the packet interface
    adjusts for the ethernet header correctly when passing the packets on.

commit d5fad4c515a1b732847f696bb82eed35527e1aad
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Feb 2 10:49:32 2010 +0200

    Modify changes.

commit 3df1e897c585991c2247dc67892f081d3a692bda
Merge: 0de7a98 c45eecb
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 1 17:23:25 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 0de7a985f1f292fbc5a335193363332912ffa772
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 1 17:23:10 2010 -0500

    updated changes

commit fecf2749886e35c8c0c434f9ba17355cc1adb81e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 1 17:20:51 2010 -0500

    Though NETKEY does not use the PFKEYv2 interface, it does use some
    code in kernel_pfkey.c to register protocols to the kernel. This
    patch fixes compiling with USE_NETKEY without USE_KLIPS. Note that
    for this to properly work, the packaging default for linux has to
    have its -DKLIPS removed as well.
    
    Patch by Ajay.V.Sarraju

commit 2b34d23ff9cbf8d1becd31382f2af977bd4894d6
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 1 16:50:49 2010 -0500

    IPSEC_UDP_ENCAP_CONVERT is needed for NETKEY as well as KLIPS.

commit c45eecb651887bf334b176a513d90bcfdf43e23a
Merge: 5952d81 376f12d
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 26 18:26:07 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan
    
    Conflicts:
    	CHANGES

commit 5952d819f2cbef8aaa9d91a811e76d161ead98d7
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 26 18:25:21 2010 -0500

    updated changes

commit 4592ba389007ffd51d7a53fbe38c0c09399f2235
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 26 18:19:33 2010 -0500

    "split networking" support for remote_peer_type=cisco This is required
    to interop with Cisco server sending their network configurations to the
    clients. One advantage of "split networking" is that more than one
    remote network can be routed through one ipsec tunnel.
    
    This patch also fixed some crashes found when doing interoperability
    with Cisco.
    
    Patch by Avesh

commit 376f12d4104dac039df0b5eaf32c2211888a3297
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 26 12:48:42 2010 -0500

    OSX needs sys/socket.h before net/if.h

commit ab19ef909c32c449b4ef4ceec522902969855b39
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 26 12:41:30 2010 -0500

    Fix for the ARM unaligned bug. Dhr was off by 8, and the passert()
    was too trigger happy.

commit d4b5a8d02468addd42c6ca9743061bf8baae0bbd
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 26 12:38:06 2010 -0500

    update changes

commit b78ff2546cd60460b7911761c5ccd903babd3167
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 26 12:34:45 2010 -0500

    EVENT_DPD_TIMEOUT was not deleted when the last R_U_THERE_ACK was
    lost and traffic on the SA resumed. This could cause DPD to trigger
    that a connection was done, despite traffic currently flowing on it.
    Patch by FURUSO Shinichi <Shinichi.Furuso at jp.sony.com>

commit aecc81369e6290f657c8cee805c82cdcb136ba98
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Jan 21 14:00:09 2010 +0200

    Update changes.

commit 742b088b8b6701e7dec2ae221a8376ce2ca7cf1e
Author: Tuomo Soini <tis at foobar.fi>
Date:   Thu Jan 21 13:10:55 2010 +0200

    Documentation cleanup to remove obsoleted or old parameters.

commit 65d2ffdbfa7fd28d7d64931ce44a2075f18cf49c
Merge: 5de5c0d fedf408
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 25 23:47:04 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit fedf4081edbac1ec895bf4477aee8700bf225c87
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 25 22:58:00 2010 -0500

    updates changes

commit 9745d34e7ae9adc05c7d0b7197169ca2abfa8a65
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 25 22:54:42 2010 -0500

    Credit the new livetest properly to Daniel Snider

commit 05710dd363dc69e8be48fed20f53e3eeed2cd5c3
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 25 22:54:03 2010 -0500

    Add the exceptsocket kernel_ops to non-BSD stacks as well, with
    a NULL for the function pointer.

commit e5f576d4292414625a6250c648e7f73dbfc1072b
Merge: a675847 4765a4f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 25 22:10:30 2010 -0500

    Merge branch 'osx'
    
    Conflicts:
    	CHANGES
    	programs/Makefile
    	programs/pluto/Makefile
    	programs/pluto/ipsec.secrets.5
    	programs/pluto/pluto.8
    	programs/pluto/pluto_crypt.c

commit 5de5c0df66afa428fc31d4ad918eb5610e71e5f5
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 25 12:39:52 2010 -0500

    Fix some compiler warnings and incorrect use of strncat() [Avesh]

commit b74571e6a5b8c4566db14a46532e7603c039e159
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 25 12:39:35 2010 -0500

    updated changes

commit 710898ca3839e2c772aca56d5bf3b0f920573d10
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 25 12:37:00 2010 -0500

    Slight change for compiling with a (broken) nspr [Avesh]

commit a675847afbae8e7864e4ee26903aa44effd221d4
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jan 20 22:08:24 2010 -0500

    updated changes

commit e0823fdfb11d2247c398af2406a0b4cd04b3e6ba
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jan 20 22:06:01 2010 -0500

    When built against libcap-ng to drop posix capabilities, pluto must
    retain some capabilities in the bounding set, otherwise its shell
    children will not be able to add routes and addrs using the 'ip' command
    in the _updown hook.
    
    Fixes issue reported by Marek Greško
    http://lists.openswan.org/pipermail/users/2010-January/018160.html
    and https://bugzilla.redhat.com/show_bug.cgi?id=550023
    
    Signed-off-by: Kyle McMartin <kyle at redhat.com>

commit e88c58877fc105e1f8bad3d7e4fcc7defcc02897
Merge: 0e7c31c 293e025
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jan 20 22:00:43 2010 -0500

    Merge branch 'ikev2' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan into ikev2
    
    Conflicts:
    	CHANGES

commit 0e7c31c3d6c0da90e10483c69f61d73be80b0a9b
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jan 20 21:59:53 2010 -0500

    updated changes

commit fa384bccde5259d440f552da42a7183cd92b6eeb
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jan 20 21:58:27 2010 -0500

    out_modify_previous_np() made assumptions that network order and
    byte order would be the same. Patch by dhr.

commit 293e0257a6837ff932b4526b38a7aee2f5d4907a
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Jan 20 09:10:33 2010 +0200

    Update changes.

commit fb100e130963e957ffc4ebafd3fd7f45c780ac84
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Jan 20 09:09:13 2010 +0200

    Fix reference to unused file in README.nss.

commit 9a5aee47767ca3b416b488a7fb1e13f28b5ebeac
Merge: 6637a97 ebc208a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 19 15:08:00 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 6637a9725402ccce9c1e0a918c37deb6ab27b492
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 19 15:07:39 2010 -0500

    updated changes

commit e9dfb47cbf3cfb61aff0ea8626f167e040f93b03
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 19 15:06:06 2010 -0500

    Removed obsolete --key option from showhostkey, as remove for the "KEY"
    (not IPSECKEY or DNSKEY) record type is obsolete.

commit ebc208a3579710167d4be1abb630a5f4ab31aefc
Merge: e96a296 091ae03
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jan 17 17:40:10 2010 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit e96a2964903bd0dd147a108db1f023b8d37638fe
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jan 17 17:38:15 2010 -0500

    Updated saref patch for 2.6.23. It was missing pieces

commit 091ae037a4f393bf3300a45952b6b1f2c54d51bc
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 11 17:42:41 2010 -0500

    flip _updown.mast to use the "new" iproute2 fwmark mask.

commit 2012402f3387403e47860aa64c0518eb1535c867
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 11 17:41:40 2010 -0500

    saref patch for 2.6.32

commit 9804aab28bcefb5cab229dfb0f95a139e43b7d8d
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 11 16:45:48 2010 -0500

    minor change to example for l2tp

commit f570bdb2f4740e52faed7c336b9f4e43935bb9ff
Merge: bf1db32 78e6eb4
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 11 14:59:55 2010 -0500

    Merge branch 'ikev2' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan into ikev2

commit 78e6eb4da0f9cfb05b1aa0143dfd02774a56c69d
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Jan 11 17:11:19 2010 +0200

    Update changes.

commit 039dbe5f9c5b01b75342fcadb5cbb77272a2721e
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Jan 11 17:09:36 2010 +0200

    Fixed obvious errors in centos5 and fedora packaging.

commit 74589462f3bc408ca5a7d17c0cd86c3731d574a7
Merge: 54e194e 4f38f0e
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Jan 11 14:58:52 2010 +0200

    Merge branch 'ikev2' of git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan into ikev2

commit 54e194efdc1b61e6bd70dd1f6fe2487fa6fc99b6
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Jan 11 14:58:08 2010 +0200

    Update CHANGES.

commit 69b8b60eae5099dc286ef5ab89b324ede3aca421
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Jan 11 14:39:00 2010 +0200

    Remove hardcoded sql: from nss db path from rsasigkey
    and showhostkey.

commit e3340e0786154267d01030ef984c009779570ee0
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Jan 11 14:38:32 2010 +0200

    Remove version from README.nss.

commit 4f38f0e83740a4063dbfc3b3897e3b175b0194ff
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Jan 11 11:11:14 2010 +1000

    Fix compilation on 2.4 systems. Haven't checked that it actually works yet.

commit bf1db32e5d47a1cf47f960e9c5df5fa704805847
Merge: d0a94a1 0ce424d
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jan 8 20:01:04 2010 -0500

    Merge branch 'ikev2'
    
    Conflicts:
    	CHANGES

commit d0a94a1ad7c21da1c850f89fee9b3f77be293697
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jan 8 19:59:57 2010 -0500

    updated changes

commit 49252a804869c62b07856e095c851e618f91e5b1
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jan 8 19:55:09 2010 -0500

    Ignore a warning due to a bug in nspr that would otherwise abort the
    compile of openswan. The warning has no effect on us:
    
    nspr4/prlink.h:211: warning: function declaration isn’t a prototype

commit 0ce424d8bfcc2cbf6e55172672ed0cf2b1f5aa5b
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Jan 4 22:07:36 2010 +0200

    Update changes for nss debug logging.

commit 0bdc9a7880ed4d7c68b28eb1994c8b6c5350a1d9
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Jan 4 22:04:03 2010 +0200

    Move NSS debug logging to DBG_PARSING.

commit 78629c078b6dc2a1805778d9a2f428160c3640fa
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jan 3 13:21:28 2010 -0500

    updated changes

commit 6c8ff2791d13a4c56cbf8c5f76b2a3f519341c9a
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jan 3 13:15:25 2010 -0500

    Openswan did not compile with HAVE_NSS due to a nspr bug that is
    present in at least version 4.8.2.
    
    Openswan uses the -Wstrict-prototypes flag (and -Werror) but the
    nspr header is faulty.
    
    In prlink.h the offending lines are line 52
        void (*fp)();  
    should use
        (void)
    and line 221
        typedef void (*PRFuncPtr)();
    should use
        (void)
    
    Workaround by Elio Maldonado Batiz <elio.maldonado.batiz at gmail.com>
    is to add CFLAGS+=-Wno-strict-prototypes to showhostkey and rsasigkey

commit f0e16909e06c357411991dcb53d69a889aaa6874
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Dec 30 01:21:06 2009 +0200

    Update changes for NSS fix.

commit b451d26f471a5348fa8e2d16d74dace588825ae4
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Dec 30 01:16:15 2009 +0200

    Remove extra sql: from NSS db directory name.
    
    Because of this extra sql: pluto couldn't open nss certificate database.

commit a4bc551acdedc9f6af40b05f08bb52da97bfb1e2
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Dec 29 20:47:33 2009 +0200

    Fix wrong syntax in README.nss sample command.

commit cfb119160068c5d2fe0324fff4021460e2f12b56
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 28 00:04:35 2009 -0500

    removes some CVS cruft

commit dd6550b979f49792108ac1388ac7daa28e8ac7bc
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Dec 27 23:41:29 2009 -0500

    asn1_init() takes a debug level parameter as argument. This does not work
    with -DNO_DEBUG. This affects the asn1 code. As a workaround, we now set
    the two debug levels used in asn1_init() calls - though the setting will
    never be used since DBG() should expand to a noop.
    
    This fixes part of bug #1049, but oswlog.h also still has issues.

commit 681cf1f52595e99ddb2bfc23d1903bcd291b5a86
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Dec 27 23:15:17 2009 -0500

    updated changes

commit 63be9bada8036d50906b8381ac237d17f544c7d5
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Dec 27 23:11:29 2009 -0500

    send_notification() in ikev1_main.c did a wrong check on out_raw when
    spisize > 0. Patch by Seong-hun Lim

commit 013c7d28d8f878587911d78346adaff11d6efaf5
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Dec 27 21:26:12 2009 -0500

    Remove any previously installed libexec/ipsec/vendor file. This file
    was not removed, and would cause misleading vendor information when
    a non-vendor marked version was installed over a vendor marked version.

commit 4079c891e02fbbd897e36828f857b074a202067e
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Dec 27 21:07:18 2009 -0500

    updated changes

commit 8e8e44b266dd4e33ba22aec98e44275256cf165b
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Dec 27 21:05:00 2009 -0500

    Fix for compiling without PLUTO_SENDS_VENDORID.
    Note that HAVE_LIBNSS caused us to not use the vendorid code, which
    is changed with this commit (Waiting on an answer from Avesh to see
    if this was intentional behaviour or not, as I'm not too familiar
    with that part of the FIPS requirements)
    This resolves bug #1072

commit 1c74bc24ec2a75e36506d8270f6541fa67fccd3a
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Dec 27 19:57:54 2009 -0500

    updated changes

commit b919d939b7adb9112e3deb13f916147cc567bb8c
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Dec 27 19:56:08 2009 -0500

    Do not clean out generated man pages with 'make clean'. Do not hardcode
    calls to xmlto.

commit 97b788e2107511a3c2d23bd25657c2d8caa0de93
Author: root <root at bofh.xelerance.com>
Date:   Sun Dec 27 19:54:36 2009 -0500

    added generated ipsec.conf.5 so that xmlto is not required for
    building.

commit 1622e89552013f02903bc0057b5719e09fa608cf
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 23 01:24:39 2009 -0500

    updated changes

commit 7498d46f87ad9ef2420363d8e15e32abe7dde9d4
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 23 01:17:24 2009 -0500

    Actually added the xml include for remote_peer_type

commit d66fcdead2a4bf70c24ffd2bc9812922c14df540
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 23 01:15:22 2009 -0500

    Added man page entry for remote_peer_type for 'man ipsec.conf'

commit 42a8e984ea40addc526c292363024fc2169f8670
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 23 01:01:17 2009 -0500

    Support for remote_peer_type=cisco. This enables support for
    Cisco ipsec gateway redirection in XAUTH.
    Patch by Avesh Agarwal <avagarwa at redhat.com>

commit d8931a1311ad0ed819dbb6c9118b1788321f1289
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 22 22:16:53 2009 -0500

    Enable USE_NETDEV_OPS for 2.6.31 kernels as well so Fedora kernels
    build properly.
    Merged in two duplicating sections regarding PROC_NET

commit 33f642483b3705c7f2e4f0a1c866fdf6ca41ed7b
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 22 00:03:20 2009 -0500

    commit changes

commit b4f77ef0efa7a0d6e7c8f7ae46d39663f09b48fe
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 22 00:01:53 2009 -0500

    updated changes

commit 7911c8fa72b03ded8fa6f69d8216232bce9f48b7
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 21 23:27:20 2009 -0500

    updated changes

commit f10fd044cf594355cf0f88400af91d31f6a50ab0
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 21 23:25:44 2009 -0500

    updated pre-generated man pages of ipsec.secrets.5 and programs/pluto/pluto.8

commit fdac4c2b8015c208143c88e5f8f3489d9dd1b211
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 21 23:16:41 2009 -0500

    Merged in David's Fixes for 2.6.32 kernels. Compilation tested on a few
    kernels, and late kernels work, but I did notice slightly older kernels
    like 2.6.21 are still broken.

commit be3eb5fb9832b8814fb14623ada49abd7a6955d1
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 21 22:51:50 2009 -0500

    Revert "Some more fixes for HAVE_NET_DEVICE_OPS based on the openwrt patch"
    
    This reverts commit 8c3c64b31aa4c55ddec226366a9bf7dc19b6a902.

commit 1ee687a823a3e0b99504ec9f829d3b25509747f6
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 21 22:51:40 2009 -0500

    Revert "Removed KLIPS_IP_SELECT_IDENT macros from ipsec_xmit.c, as that got"
    
    This reverts commit aebe4b5df10eb84005a3fb66ce02b24e3d77590b.

commit 3cb57c39e272c29acd1c5dce27655d1443285baf
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 21 17:19:18 2009 -0500

    ensure that the assumption is true that struct ipsectunnelconf fits
    within struct ifreq. Patch by dhr.

commit 8c3c64b31aa4c55ddec226366a9bf7dc19b6a902
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Dec 20 03:16:36 2009 -0500

    Some more fixes for HAVE_NET_DEVICE_OPS based on the openwrt patch
    by thinkos/florian

commit aebe4b5df10eb84005a3fb66ce02b24e3d77590b
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Dec 20 03:15:08 2009 -0500

    Removed KLIPS_IP_SELECT_IDENT macros from ipsec_xmit.c, as that got
    moved to ipsec_param2.h

commit be7b723893a621cb04a3d6830c0557283f313143
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Dec 19 19:49:37 2009 -0500

    Fixed another ifr->ifr_ifru union overlay that broke due to us
    storing our data within another member of the union struct. [dhr]

commit ced3d3fbccfa654e8f18310bc3e89a0cd95e1bcf
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Dec 19 14:21:06 2009 -0500

    Fixed two occurrences in kernel mode of the typo ifr.ifr_irfu
    (versus ifr.ifr_ifru)

commit 599acd63304d6d1553ae38481608e5831eed306d
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Dec 19 14:19:59 2009 -0500

    Ensure we do not try to use skb->dst with HAVE_SKB_DST set.

commit 35d83aebbd9f2f5b6cf8c16a13b15023df0f2366
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 16 23:47:37 2009 -0500

    Fixes for the tncfg strict alias warnings. This also fixes a test
    that always used to pass erroneously. Patch by DHR

commit 3b2d9631a43ea4fb242b264e36986a2012ae91c7
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 16 21:15:59 2009 -0500

    Fix types in a debug line. Patch by DHR.

commit 347434600a22157fe51da4b92bca4c99e4c31504
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 16 20:54:42 2009 -0500

    ifr.ifr_irfu -> ifr.ifr_ifru fixes.

commit b356794393169a9f72059df66534f4a03ef4a936
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 16 11:58:01 2009 -0500

    We accidentally installed _startklips, _updown.klips and _updown.mast
    twice, causing .old files to be installed. Patch by Avesh Agarwal

commit 9d00d5c6fc87ed0cfd116a3a34731ba6af700092
Merge: eb77302 1faaa50
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 16 11:45:54 2009 -0500

    Merge branch 'ikev2'

commit 1faaa50952a01f70c86cab1936e1776426dcc49a
Merge: f0ea820 89ac0f4
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 14 17:07:28 2009 -0500

    Merge branch 'ikev2' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan into ikev2

commit f0ea8201cc33b885f04c97b6b7303bbdc153ce8b
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 14 17:06:24 2009 -0500

    lwdnsq should log in /var/run/pluto, so it does not generate SElinux
    denials for trying to write in /var/tmp/
    
    Patch by Avesh Agarwal <avagarwa at redhat.com>

commit 89ac0f4e1d22f86a585403aea1b486c49a90933e
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Dec 12 14:56:08 2009 -0500

    update to key zeroization with NSS.
    Patch by Avesh Agarwal <avagarwa at redhat.com>

commit e3cc4d44c8a691c9cc92ba6150bb60227a0c893e
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Dec 12 14:53:19 2009 -0500

    Updated support ISAKMP_N_CISCO_LOAD_BALANCE.
    Patch by Avesh Agarwal <avagarwa at redhat.com>
    
    This does not (yet) include server side support.

commit 80b1ff8a88752f9d9018d74f5ee35613723c9dae
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Dec 3 14:46:31 2009 +1000

    Do not include asm-generic/errno.h
    
    Do not include <asm-generic/errno.h>,  not in user space and probably not in
    the kernel.  We will forgive this if your system is so messed up it has a
    broken popen,  because your errno.h may be broken as well ;-)

commit 62b788347ec399ee955f7746eb148b7ab70902ba
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Nov 16 10:16:10 2009 +0200

    Change NAT-Traversal support log message to clearly indicate enabled state.

commit eb77302649a3357f20cd00c5081cb922edc18929
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 13 15:06:53 2009 -0500

    Fix for gcc44 warning. overlay our struct ipsectunnel onto ifr.ifr_ifru union
    Patch by dhr

commit 2445a3014933295387cfd7fab96d22c5dd78c160
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 13 13:02:53 2009 -0500

    updated changes

commit 3030400108b3c192af1aaa089ab0e6243f5be2c4
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 13 12:58:50 2009 -0500

    Reword SElinux warning in ipsec verify

commit 827d28ee278d6614ad5760a6caef094a691c8410
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 13 12:54:55 2009 -0500

    merge in redhat's openswan-2.6-initscript-correction.patch

commit faf3f4c1221ecc0a87034b20e0df62968ce43178
Author: Tuomo Soini <tis at foobar.fi>
Date:   Fri Nov 13 00:14:11 2009 +0200

    Fix merge of 6in4 or 4in6 tunneling support.

commit b41ec965b86169384143e2e1a8fe3164f31142d9
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 5 13:07:37 2009 +0100

    comment out XFRM_STATE_AF_UNSPEC. It would require ipv6 on ipv4 only hosts.

commit e4fca4cef5b32cf70f512d2789f452733693e48d
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Nov 4 22:05:22 2009 +0100

    Add kernel-headers as build dependency for linux/xfrm.h

commit 8fea49d98fa2b28070333e669dee351e6f3797b6
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Nov 4 11:05:49 2009 +1000

    NAT-OA support is different between netkey/klips
    
    Only do the NAT-OA code path for klips which handles it specifically.

commit 8fa54bf44bc0aa7827d42eff9e6892a6fbac794a
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Nov 4 11:02:45 2009 +1000

    Fixup merge of NAT/1004 fix
    
    The code for the #1004 fix was merged into the NAT fix, but the
    old copy remained.  Clean that up.

commit 1c72848baec469fcce5540069eea0c68c89e24ea
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Nov 4 10:56:08 2009 +1000

    Fixup cryptoapi sg_set_page for older kernels

commit 31dba8e76c7e1ea0900c7b0a3dc6a5ca07ae3ec0
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 3 21:36:08 2009 +0000

    merge of commit b88bbe8aa1284c98e2f234b0cc991ff5775680da
    Author: Andreas Steffen <andreas.steffen at strongswan.org>
    Date:   Tue Sep 22 20:00:49 2009 +0200
    
        set XFRM_STATE_AF_UNSPEC flag

commit 20bb3f7ce99327572c849e4ddc0377cda158e888
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 3 21:35:59 2009 +0000

    updated changes

commit acf57ef85bb73626d3df0915cda0fa96bcb38a4e
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 3 20:48:29 2009 +0000

    commit 158e9386d24df1bf71d864e62bda167c5892dbf9
    Author: Heiko Hund <hhund at astaro.com>
    Date:   Fri Oct 16 14:50:12 2009 +0200
    
        setting the IP family enables mixed tunnels

commit 7ead5652530a76cc80cf52e1c5513bca2057c1d3
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 3 20:36:14 2009 +0000

    Honour kernel build verbose setting via V=1

commit 2b7dd5ebb86447198395b1e315de0b594c19273e
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 3 20:29:59 2009 +0000

    Merge of bluerose commit 37917ff14ce0
        added compatibility routines for get_current_user() for 2.6.26 kernel (such as Debian Lenny ones)

commit c398f2b9bed02dcb5500eb14b1f427038516459e
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 3 20:22:00 2009 +0000

    merge of bluerose 826372ad6e5afa7
    	HAVE_SET_MAC_ADDRESS has turned up before HAVE_NET_DEVICE_OPS

commit c733bc84924fb585d6db502315354a7e71e8ac52
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 3 20:18:57 2009 +0000

    merge of bluerose 19ba5337aef1cd
    	fixed ipsec_tunnel to work with 2.6.26 code base

commit b0f02a6ed01cbef4065a94049368a3b60e894574
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 3 02:35:35 2009 -0500

    update to use netdev_ops structure
    
    Conflicts:
    
    	linux/net/ipsec/ipsec_tunnel.c

commit 008a43c8b7655512de051027030c29301fe4bff7
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 3 02:15:10 2009 -0500

    part of skb_dst() patch

commit 4b0ff6c899d2854ba38ad5694c68a5e4d4f95b51
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 3 00:02:00 2009 -0500

    merge in the skb_dst() updates from bluerose commit a69c176d74b7

commit 903897571e426a427e1be1c65d8c3d5813a8007b
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 3 00:00:23 2009 -0500

    Port Michael's param/param2 separation. Param2.h gets included after
    including various kernel defines, whereas param.h gets included beforehand.

commit 6fc7fe3a0b7331501310ed05b8fc27359fad0d09
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Nov 1 11:44:51 2009 -0500

    updated changes

commit a42a907963e0ce045b33a9355f5a3e3ada600e46
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Nov 1 11:41:38 2009 -0500

    Patch by David to make Windows happy.
    
    we did not route the NAT address through the tunnel on first connect, but
    we did change the connection settings which did give us route on the second
    connect

commit 0a2560065883c7832d655905dbb657c4870fba8d
Merge: f2aa7fe 8934898
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Nov 1 11:30:35 2009 -0500

    Merge branch 'master' into ikev2

commit 89348988024f972d376f088e15ac85b53ee89ca9
Merge: 2bdbfda f50e153
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Nov 1 11:30:12 2009 -0500

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan

commit 2bdbfdafeede8ebe40748f0b143679b74686c8ef
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Nov 1 11:23:58 2009 -0500

    Merged in an old bug #428
    KLIPS NULL encryption patch (through cryptoapi)

commit f50e153393021ee07cba7261fb542bddece26d75
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 30 17:15:25 2009 -0400

    updated changes

commit 0a9941cd6005daaad0df647180ac03ef68cff3e5
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 30 16:59:37 2009 -0400

    Fix three warnings when using KLIPS with cryptoapi where it was using
    %d instead of %zd when using size_t.

commit f2aa7fe3078c1417e9284dddc48daa94d17eecf1
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 30 16:45:20 2009 -0400

    Do not set the critical bit for payloads defined in RFC 4306. Patch by
    Avesh. Confirmed by Michael and PaulH.

commit 59fd751cb48ad6e58d79f5a0c8529a83c05fee7c
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 30 16:45:20 2009 -0400

    Do not set the critical bit for payloads defined in RFC 4306. Patch by
    Avesh. Confirmed by Michael and PaulH.

commit 7471b8b51fc46342f9cdadd54093ee88db52f7fd
Merge: 86fc8eb 22629fb
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 29 15:24:46 2009 -0400

    Merge branch 'master' into ikev2

commit 22629fbe03eb38363db6bb0a5817f88cf8a26fde
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 29 15:23:56 2009 -0400

    The netdev_priv() macro causes compile problems for me.

commit c1b2a01d1a7cbc441f68303c8e4ad396beaa9070
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 28 14:37:46 2009 -0700

    Only use system() fallback when compiled explicitly with
    HAV_BROKEN_POPEN

commit 0ab4a7c73092554a5376832edd9e6e13edad9526
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 28 13:53:23 2009 -0700

    merge of HAVE_SKB_DST from bluerose.

commit 84e334cab137f8afd465974d8586d925bec038be
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 27 16:17:09 2009 -0700

    Don't use bluerose's ipsec_param2.h, we have that in ipsec_kversion.h

commit 52c9006848e7a35073536615ca81d9511bf42e54
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 27 16:15:37 2009 -0700

    Macros for netdev_priv() and current_uid()

commit 86fc8ebf81293f9680ea3a8cdf98f85eb2b3dcd9
Author: Tuomo Soini <tis at foobar.fi>
Date:   Mon Oct 26 13:07:30 2009 +0200

    Fix README.nss formatting by splitting over-long lines.

commit 36f1c3625ebb72d43bef029822e3f6d3bee5a6b7
Merge: ea440ec dd037f2
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Oct 26 11:43:50 2009 +1000

    Merge branch 'ikev2' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan into ikev2

commit c1e6594ad3f3945a45d45bcca00c29359f107bda
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Oct 25 11:59:07 2009 -0700

    Added check for HAVE_SKB_DST in ipsec_kversion, added some includes
    based on 97d0fbb55 (but the netdev_priv() still needs to be macro'ed in).

commit 15d75b7cee7e14929e4d9d37e54145fa12736613
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Oct 25 11:30:28 2009 -0700

    Removed some old CVS cruft.

commit af6a807408ed124fefc42e66cfab00da2a3bd93b
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Oct 25 11:23:03 2009 -0700

    Printk that we registered KLIPS

commit b58708f459f4f05d9cbfd2ec3db965738f5533c6
Author: Michael Richardson <mcr at sandelman.ottawa.on.ca>
Date:   Mon Aug 17 12:26:35 2009 -0400

    added left=/right= to example

commit 7477de00e2538e3f37b01ee89e81c6f6475e15b4
Author: Michael Richardson <mcr at sandelman.ottawa.on.ca>
Date:   Mon Aug 17 12:22:29 2009 -0400

    added leftsourceip=, leftrsakey and leftcert

commit d1498f36497e31c1bd0279f188d2e6d5c0dbe673
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Oct 24 17:28:07 2009 -0700

    Don't check errno unless we encounter an error.

commit dd037f2702790adf83202ac2c6309f83d7439d9d
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 23 21:53:47 2009 -0700

    Use ENOSYS instead of 38

commit ea440ec35fd82df11aae3b416c72ea00a95c1e56
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Fri Oct 23 11:46:26 2009 +1000

    Fix panic when NAT-OA is negotiated
    
    Code was out of sequence and a bit out of date post the sync changes
    and would access broken pointers and crash.

commit 593d87e07e923615eb6988b617bf2f26679db1d1
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 22 18:09:16 2009 -0400

    updated changes

commit f917f2363673027b81b2efbba4e6c9c0734b1cf9
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 22 18:06:55 2009 -0400

    Use system() on Linux systems without popen(). Patch by Jonathan Miller.

commit 28409577844fc405670634b7c7438c20d5024200
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 22 17:52:37 2009 -0400

    Zeroize ISAKMP and IPSEC_SA keys memory when in FIPS mode. [Avesh]

commit 01229632d75123aa0e40a33937d41c021553b9a8
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 22 14:41:13 2009 -0400

    This looks like the missing code piece for the remainder of bug #1004.
    Worked on a lot by Hugh, Tuomo and Paul.

commit cf5b5411610374dc89a2dd3fabadefeb1fe54f7e
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 22 14:21:06 2009 -0400

    updated changes

commit a4f8195028a3d293ce1b9fcdb2dda3f7495337cc
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 22 14:18:21 2009 -0400

    Workaround for broken shells (busybox, dash) by Michael Smith

commit f71909685948d6893decf6405a488991212c8ebc
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 22 13:22:16 2009 -0400

    Added stub for NETKEY's remove_orphaned_holds()

commit ea0614e7d3baa824e96302369293497a133b5a6d
Merge: 01766f7 5b0e0b5
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 22 13:15:11 2009 -0400

    Merge branch 'ikev2' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan into ikev2

commit 01766f76bc71145dd320abd560c7a1fd3b22f5ea
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 22 13:14:28 2009 -0400

    Added Cisco specific ISAKMP notifications. We do not act on any of these (yet)

commit 5b0e0b576fb5818755789f8f8c7207fc75dcea11
Author: Tuomo Soini <tis at foobar.fi>
Date:   Wed Oct 21 21:24:41 2009 +0300

    Revert "Remove pexpect case which was never hit before NETKEY DPD fix."
    
    This reverts commit 20bcfd2ca8cf0dcfd21b257785f2434c3a7ae849.
    
    This was not correct fix for the problem.

commit 94ff367131817202ca697c065c89a1c74df554fb
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 21 11:33:13 2009 -0400

    Revert "Remove pexpect case which was never hit before NETKEY DPD fix."
    
    This reverts commit 20bcfd2ca8cf0dcfd21b257785f2434c3a7ae849.

commit 20bcfd2ca8cf0dcfd21b257785f2434c3a7ae849
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Oct 20 18:18:37 2009 +0300

    Remove pexpect case which was never hit before NETKEY DPD fix.

commit 51ba36029849bc1942ec3dd6586007012893d591
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Oct 20 09:45:30 2009 +0300

    Update CHANGES for setup.8.xml changes.

commit 11a81d01759bdf9ad7162e9922942285b5bb9583
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Oct 20 09:37:42 2009 +0300

    More cleanup to setup man page.

commit 63f1b4257ce4be9a38cfd43404194a75b1c5d185
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Oct 20 09:18:47 2009 +0300

    Add back old syntax to setup for compatibility with old scripting.
    Update documentation to be more in sync with setup changes.

commit 4c3c1fa572918b3c36c82017d3e5ca06afdd0578
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 19 11:28:36 2009 -0400

    updated changes

commit f64fdcdef481245831f859d3eed5470c900a31ab
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 19 11:26:05 2009 -0400

    Fix for DPD with NETKEY by Frank Eberle <himself at frank-eberle.de>
    
    In netlink_acquire() record_and_initiate_opportunistic() was never
    called, so I've checked the if-statement. The return value of add_port()
    defined in initaddr.c is equal to NULL when no error has occurred.  So in
    normal situations when add_port() does not fail, the if-statement is
    always invalid.

commit 331dc7c72df852d70084f18ac969e0239c8b0ffc
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Oct 11 21:45:33 2009 -0400

    Fix to allow ";" in the ike/esp parameters as per man page. Patch
    by Avesh.

commit 71539c4e8308763c32d74c55d01b93091169dfb7
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Oct 11 21:38:47 2009 -0400

    Fixes to make initscript LSB compliant, and to fix a "condrestart"
    option that was missing. It also changes the root check from "test -w /"
    to "test id -u". Patch by Avesh Agarwal.

commit bf4a4c16c65175d2be3ef5a2026828aaa4a15571
Merge: 2223bab cb1584a
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 9 17:33:14 2009 -0400

    Merge branch 'ikev2' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan into ikev2

commit 2223bab9c338f6744d64d755864905ef59d3d57f
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 9 17:31:39 2009 -0400

    updated dpddelay/dpdtimeout man page to reflect the new parser that
    demands either both or neither.

commit cb1584aa5a050d337369c82e6ee6cb00c84ea6ad
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sat Sep 19 10:28:39 2009 +0300

    Give better warning about missing default route.

commit 4765a4f094fd680f5aaa8bb05bc0d04dc18bcb53
Author: Stefan Arentz <stefan at Galactica.local>
Date:   Thu Sep 17 15:42:44 2009 -0400

    Changes for compiling on Snow Leopard 10.6.1

commit c4444390667c15a5697427eb53887f45233f2ad5
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Thu Sep 17 20:57:04 2009 +0200

    compiling with -m32 flag now

commit 9b6c46a98aa2d07112cae4224d72c855473f5102
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Sep 15 22:48:04 2009 +1000

    OCF fails to initialise IV on ESP packets
    
    ESP packets sent using OCF acceleration have pseudo predictable IV's. The
    OCF code fails to initialise the IV and thus gets portions of uninitialised
    memory (quite often packet contents of IP addresses).
    
    The possibility of predicting the IV's is not such a big problem
    since the IV is visible in the resulting on-wire packets anyway.
    
    A bigger issue is that this leaks 8 bytes of possibly sensitive
    information in ESP packets that are traveling through unsafe networks.

commit 425fae52eef5b16c7c9ef3ed81820419fb19e1dc
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Sep 15 16:08:21 2009 +1000

    Make pluto respond with NAT-D info in AGGR mode
    
    NAT traversal is aborting at the remote client when pluto responds to their
    initiated connection (ie., road warrior).
    
    The reason for this is that pluto does not send any NAT-D information when in
    aggressive mode, so the remote client has nothing to work with.  The remote
    client will see log messages like:
    
        NAT-Traversal: Only 0 NAT-D - Aborting NAT-Traversal negotiation
    
    Which should not happen between two openswan systems even if the connection
    is not NAT'd.
    
    Also the debug for NAT traversal when using aggressive mode was somewhat
    less than main mode, so bring it more into line with the main mode version
    and ensure that interface information is accurate and working.

commit fdf96e79d2bfe4947364635eff149bfffbcc3dc7
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Fri Sep 11 16:08:13 2009 +0200

    corrected the test files

commit a6a304b6b6d4938486cd7bf4432012281e45b612
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Thu Sep 10 22:21:38 2009 +0200

    test file added and working

commit 1225a5b7c8f6fe04ff175dc2b4fd98b839ce878f
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 8 20:36:35 2009 -0400

    updates changes

commit eacba2017bdccc2e46d8aa88b18aa48e2f616be4
Merge: 078f030 bdae7df
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 8 20:31:35 2009 -0400

    Merge branch 'master' into ikev2

commit 330e68a0b62477d5c602e63cac722b6affc564bd
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Tue Sep 8 23:41:40 2009 +0200

    added test file for the start_conf struct

commit 078f030e4127802c736549e3caf92d7d65d81cec
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Sep 8 15:23:06 2009 +1000

    Use skb_copy_expand to make a bigger skb
    
    Remove the old openswan hacky version of skb_copy_ipcomp based on skb_copy from
    linux 2.2.? and use skb_copy_expand so that when the skb structure changes we do
    not need to add code to make sure everything is copied correctly for all uses.

commit a7f7141bdc98cb0681268d2728710b75e0227ebf
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Sep 8 12:59:32 2009 +1000

    Limit the orphan holds checking to 200 iterations
    
    I have seen pluto get stuck here,  but I have yet to figure out why, and
    it's not easy to reproduce.  Rather than steal all the CPU and not do any
    processing,  lets just limit the damage somewhat and get some other work
    done if things look weird.
    
    Voip traffic on routed/transitioning tunnels may have been a factor in
    reproducing this.

commit ee3bafeaad58eae129193e10f7dccc702be1c05c
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Sep 2 14:22:39 2009 +1000

    Prevent aggressive mode tunnels losing phase2
    
    Make sure we update any pending SA requirements with the new SA when we
    replace it. Without this we end up with a phase2'less aggressive mode tunnel
    that thinks everything is ok, phase2 will never come online.
    
    The easiest way to create such a phase2'less tunnel is:
    
        * central server running openswan with an Aggressive mode road-warrior
          connection.
    
        * connect in with the road warrior client (DPD settings of 9 and 30)
    
        * disable the tunnel at the server end in a way that sends a "Delete SA"
          to the RW for both the P1 and P2 SA's.  Something like:
          'whack --delete --name XXXX' will do it.
    
        * wait 2 or 3 minutes (gives RW phase1 and phase2 time to bail and go back
          to initial state).
    
        * restart/enable the tunnel at the server end and wait for it to come up.
    
    I am sure there are some other combos that would show this behaviour,
    but this was the easiest to reproduce that I found.
    
    The problem is that when cleaning up the old SA it was still marked as
    primary SA,  and so pending information for the connection was cleaned
    as well,  thus removing the only thing that would kick in phase2 for us.

commit f2436a91d1d1b03198be7ec0fe02852b2fb69c2f
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Sep 1 06:39:20 2009 +1000

    Allow PSK to change for aggr tunnels when refining
    
    As aggressive mode sends more information before the crypto
    kicks in we can change PSK and migrate to another connection safely.
    This allows you to have multiple PSK road warriors using different passwords,
    just give them all unique left/right ID's to be sure of it.

commit c2ae7e0c89e42a7e6d7137f83d798e4e4e56789d
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Aug 31 09:28:44 2009 +1000

    Clean up narrow hold eroutes when tunnel is up
    
    Currently there is a problem where traffic on routed road warrior tunnels
    produces narrow hold eroutes that are not managed.
    
    It seems there may also be some race conditions causing hold eroute to
    get missed.
    
    These problems can prevent tunnels reaching their final states,  or just
    prevent traffic between hosts over the tunnel.
    
    The previous commits were reverted as they were incorrectly stopping hold
    routes on non-opportunistic tunnels:
    
    	6dcb7f540005bdb2894736c59048a2812499ab71
    	6e8b4648b735c9b222f0784d6894b4f0b72f85a3
    
    Here we opt to clean up at a point when we know things should be good.
    This is less than ideal but the interactions and dependencies within the
    shunt/eroute code are tricky to follow and change without regression, so
    the safe approach for now is to fix it up when we know what should be
    happening.
    
    As part of this,  we also get to clean up what may be a large number of
    host-host hold eroutes,  that previously would have been missed.

commit 8e22a47cd7292b69282244a7470591d6e33711ee
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Aug 31 08:54:44 2009 +1000

    Fix comment to say initiating oppo and/or ondemand

commit 4f99bbcc12f0fb4e3662bd38f16ac54eb793a3cf
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Aug 31 08:47:18 2009 +1000

    Revert "Partially started opportunistic ... phase2"
    
    This reverts commit 6e8b4648b735c9b222f0784d6894b4f0b72f85a3.
    This reverts commit 6dcb7f540005bdb2894736c59048a2812499ab71.
    
    The fix was wrong and assumed that hold eroutes should not be present on
    non-opportunistic tunnels,  when they should be.  The real bug is
    mishandling of shunts.
    
    Signed-off-by: David McCullough <David_McCullough at securecomputing.com>

commit b25f0b663d8738fcc21ea489e73740e153201849
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Aug 31 08:26:47 2009 +1000

    Fix a spelling mistake in a comment

commit 0f8e4dacc02d54a8cf94e9190d0e5371abf2a3ba
Merge: 9b5a0b2 75a152b
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Aug 29 17:50:22 2009 -0400

    Merge branch 'ikev2' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan into ikev2
    
    Conflicts:
    	CHANGES

commit bdae7dffb24ec52e465b08d4fa8d4c2011f89a5d
Merge: 9b5a0b2 927cf6d
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Aug 29 17:49:12 2009 -0400

    Merge branch 'master' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan
    
    Conflicts:
    	CHANGES

commit 9b5a0b2b462cb4986ea3bb6c83f27d6bef79a891
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Aug 29 17:06:31 2009 -0400

    Removed old USE_SMARTCARD code. Smartcards are now supported via NSS.
    Not all code was properly #ifdef'ed, so a few changes outside #ifdef SMARTCARD
    were needed, such as checks for the secrets's smartcard struct (sc).

commit 927cf6de5b88188d90f3558871ec99105aaa6320
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 28 19:18:22 2009 -0400

    Add BuildRequires for libcap-ng-devel.

commit 75a152b6aaa48b2fd985ebde9e9ece44bd2d035c
Merge: 0b0c278 f8ec857
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 28 19:15:46 2009 -0400

    Merge branch 'ikev2' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan into ikev2

commit 0b0c278330d19c4258cc7bf6b53b32ad2536af30
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 28 19:15:34 2009 -0400

    updated changes

commit c19ee152fe99ee805c8437dfebb43f223d4a0b02
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 28 19:10:30 2009 -0400

    Support for removing unnecessary capabilities in pluto using libcap-ng.
    This is enabled/disabled in Makefile.inc using USE_LIBCAP_NG=
    The default is disabled for now using plain builds, but enabled for
    builds using packaging/fedora/openswan.spec.
    
    Patch by Avesh Agarwal <avagarwa at redhat.com>

commit f8ec857d63b350ec50c1dcf87c9360beb4e211fe
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 27 18:31:56 2009 -0400

    Patch for using SmartCard with NSS by Avesh Agarwal <avagarwa at redhat.com>

commit c191acaef7c3d0b993b773d7018694e789b2741f
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Aug 19 16:02:50 2009 -0400

    updated changes

commit f605f3b1bc09feef301b3d628c5d5f52aea3dd87
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 17 23:48:18 2009 -0400

    Partial bugfix for #1004. We now get the right protoport settings
    in ip xfrm pol.
    
    The problem was that the ports are defined in two places, one is port
    and another is within an ip_struct. The old whack code ran an
    update_ports() on the whack message to synchronise these two different
    locations. This code was missing in the new starterwhack.c code.
    
    Patch by DHR and Paul.

commit 81f408331ebc259f2f0eb396866edbc9d6f75376
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Mon Aug 17 19:19:40 2009 +0100

    more work with the starter_conf struct

commit 2ca6ffc1bca881be6102791974c100475fb66701
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Mon Aug 17 15:55:06 2009 +0100

    sending the connection name to helper tool now

commit 66bf9236b5d33dfaab82ee8f10cd9196e334a958
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Sun Aug 16 00:22:20 2009 +0100

    more work on the starter_conf struct, some info is not being written, something is missing...

commit 2219ef6a587ac2089bbb10f6796f787c12dbf764
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Sat Aug 15 23:22:51 2009 +0100

    more work on the struct

commit 2f91804534181629d9d5ba204ba418ac83476d22
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Sat Aug 15 03:45:23 2009 +0100

    more work on the conn struct, why is cfg->conns.tqh_first NULL?

commit 9bad1138997704f6694c7e1b548ca53264cec694
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Sat Aug 15 02:39:08 2009 +0100

    working on the conn struct

commit cbe3131ad36b9477b1f51aa23e3d44c8481e6ed3
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Fri Aug 14 00:42:31 2009 +0100

    using ipsecconf_default_values to create the conn conf file

commit ab2d816fe40a4df45a2f6510c61a62052e2eb1fb
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Thu Aug 13 17:07:03 2009 +0100

    it is compiling with the imported libs now

commit faf0b309e2b3b8a937a7a9f4485dc828c374ccac
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Aug 11 14:32:39 2009 +1000

    Ensure reply_buffer is initialised before use
    
    The global reply_buffer was not always getting initialised before
    adding the packet hdr.
    
    This meant that some packets would get piggybacked onto whatever was
    previously sent.  Evident by logs like:
    
    	pluto[NNN]: packet from A.B.C.D:500: size (296) differs from size specified in ISAKMP HDR (228)
    
    Dead peer would often get triggered as we would get retransmitting the
    broken packet and no real communications would happen.  Tunnel would
    come straight up after a restart.  Errors like:
    
    	pluto[NNN]: "test" #XX: DPD: No response from peer - declaring peer dead
    
    Although this was easier to reproduce when pluto was using helpers,
    it may not be limited to only that configuration.
    
    Before we out_struct the isakmp hdr,  always reset the global buffer.
    
    Be consistent and always "zero" the reply buffer.
    
    Add a pcrc_init macro which helped in the debugging of this problem.

commit 4dc1bdf268e91e753de1ea67edf349a9df8b9aca
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Tue Aug 11 00:09:09 2009 +0100

    still trying to add libs to the proj

commit 025c839b9946ef32527144e7e790d075f4f34176
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Fri Aug 7 21:56:31 2009 +0100

    imported libipsecconf.a to the proj, still one error while compiling

commit 9865c559f8dd6d553066e7b34718f0e692e0f14c
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Thu Aug 6 18:19:30 2009 +0100

    code review

commit e72f14fe1d181a096c556ac3fc6658b8cd8e655c
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Aug 6 09:27:29 2009 +1000

    Fix boundary conditions within ipsec_sa_recycle
    
    There are some problems in the ipsec_sa_recycle() function when the
    refFreeListCont swaps from one subtable to the next or when the end of the
    whole refTable is reached. refFreeListHead should also only be set to
    IPSEC_SAREF_FIRST, when a free "slot" can be found, because otherwise it
    points to an illegal entry. For more details, see the attached patch.
    
    Martin Schiller <mschiller at tdt.de>

commit 8d9f088830aa4431550863743a1315720f27e3e8
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Wed Aug 5 18:12:42 2009 +0100

    fixed popup menus error

commit 1d96dd03bf48fbd0a4be4460d1bc8421a77b56c7
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Wed Aug 5 16:50:22 2009 +0100

    fixed an error while editing conn name

commit 0c2a903dee7fc870993e1d51eb5bbf037f8c0536
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Aug 5 10:37:18 2009 +1000

    skb_reset_transport_header for older kernels
    
    We are using skb_reset_transport_header now and there was no macro
    implementation for older kernels to use.

commit 1d9c0e31844c8e1d2dd15611aeaf484a9be98b06
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Mon Aug 3 23:02:00 2009 +0100

    all the options are being saved now

commit 794d292f91a1aa687102b85885eeebb3133599ef
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Mon Aug 3 15:40:36 2009 +0100

    saving some adv options now

commit c02d725cc641551d73780d42eb53411292332b33
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Aug 3 11:05:10 2009 +1000

    Add compile time debug code for finer grain tracking of all SA's.  This helps
    with finding refcount problems and why SA's may not be getting freed.
    
    Tag every SA get/put based on its purpose so that identifying the subsystem
    responsible for refcount problems is easy.
    
    Provide a /proc/net/ipsec_saraw file which shows all allocated SA's as
    /proc/net/ipsec_spi only shows those that are still in the reftable.
    
    Include the number of gets/puts for each SA/purpose in the
    /proc/net/ipsec_spi and /proc/net/ipsec_saraw entries so the problems can be
    easily seen.

commit 9dff3971df7314cbe8e3d47a13fceacbd541b10e
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Aug 3 10:49:26 2009 +1000

    There are a number of bugs with the SA refcount usage in klips.  This is
    causing SA's to hang around and their memory not to be freed.  For OCF
    systems this can run HW out of resources.
    
    Most of it stems from pluto's assumption that deleting an SA that is part of
    a group will clean up the whole group,  but the klips SA group removal code
    is not complete.
    
    Firstly,  ipsec_sa_rm and ipsec_untern need to be called on each SA in the
    group to reduce the reference counts.
    
    Further to this, on a group SA,  pluto will free only one,  for example the
    most common would be the ESP SA.  But there are IPIP and potentially others.
    Depending on the direction the order of the SA's is changed.
    
    Because the current grouping code was a simple linked list,  if the ESP SA
    was not at the head of the list (due to ordering) the others would be missed.
    
    To fix this we now have a doubly linked list so we can easily find the head
    of the SA group when performing group operations.
    
    There were also a few instances of underflow refcounting that are fixed by
    this patch.
    
    This patch implements the minimal fixes needed at this time to cleanup the
    klips refcount usage.  There will be a followup patch that contains the
    tracking code used to find these problems and clean it up :-)

commit 49c4f19d41ec34703611fadfd6d2593045ee2095
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Aug 3 10:46:03 2009 +1000

    Debug was mixing up SA's,  which is confusing to read later.

commit a5966810816c2cd3562ce05764547fb8a330131e
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Aug 3 10:45:09 2009 +1000

    Add some missing debug options to the usage,  there are more missing
    that need to be added.

commit d69e8a6678eb9b4baa83600c5f65ea8c79a5f9bc
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Sat Aug 1 16:08:38 2009 +0100

    now storing all basic options

commit bcce2b6b3e4a43e89e7df29ef4030f90cdd6de8d
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Thu Jul 30 19:05:55 2009 +0100

    worked on the saved options

commit b78d42e76cd9aca4d9c1fef58475009e54d63c1e
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Wed Jul 29 18:38:50 2009 +0100

    improved helper tool

commit b12cb300a4895ce4f8139b809ee21b6e83731107
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Wed Jul 29 18:20:29 2009 +0100

    passing a string as a response in the helper tool

commit 70cfe8c399c7a53e3006ce77eaaffd039489c372
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Tue Jul 28 15:23:07 2009 +0100

    calling ipsec --version from the helper tool (it still does other stuff)

commit ddbde2c8288e7eb2ef28362c3bf854d556f976a6
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 27 13:17:37 2009 -0400

    updated changes

commit cfc7cc9e08e5a875f4964205f507e224f695bfb7
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Mon Jul 27 18:08:55 2009 +0100

    working with the helper tool

commit 36efba2c160bfe9c017d7a93682320f99ee2b234
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jul 26 12:31:35 2009 -0400

    Fixed initscript LSB header, found via google alert at
    http://groups.google.com/group/linux.debian.bugs.dist/browse_thread/thread/c3d8f98ffb418822/6f10b8763d8cad07?lnk=raot&pli=1
    
    Please Debian, please report bugs upstream!

commit f05bba128cfa6d940d9540a2cfd262f326592d40
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jul 25 20:34:33 2009 -0400

    Move the fipscheck code from the _realsetup to pluto. However, this
    patch assumes a hardcoded path for /usr/libexec/ipsec that needs
    fixing. Since pluto should be there too, perhaps we can find the
    directory that way?

commit 6dcb7f540005bdb2894736c59048a2812499ab71
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Fri Jul 24 14:11:54 2009 +1000

    Fix busy loop in pluto when invalid OPPO detected
    
    Under some situations pluto will busy loop (hung) in pfkey_dequeue as
    all the orphan_holds are for non-opportunistic tunnels,  and we no longer
    call the opportunistic code that clears it in that case.
    
    If we see oppo. traffic on a non-oppo tunnel,  clean up the orphan hold
    and return.
    
    Also fix a NULL dereference from 6e8b4648b735c9b222f0784d6894b4f0b72f85a3
    due to a missing return.

commit e8e550797dbed565faa9a1cd05fb38b3eb8f0524
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Wed Jul 22 17:54:02 2009 +0100

    writing a file with the needed info for a PSK connection

commit 9e59be5618b43e3077a9895aa81849149443564b
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Tue Jul 21 00:56:32 2009 +0100

    file with connect name created when connecting

commit 590fc429798156510b1bcbfb22f0ac46a1877d58
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Mon Jul 20 16:35:45 2009 +0100

    some more changes to the gui

commit 45ad79723855e81f691a1123238db4ab70fdf620
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Mon Jul 20 15:49:40 2009 +0100

    some more changes regarding the connection options

commit 12d7e50962e13cd8d93ad97c3d3a2a8426cd507e
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Mon Jul 20 15:19:25 2009 +0100

    changed the input for the IKE option

commit 23c8d9846bf9a1001f02a6f271285a01b779ecf1
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Jul 20 13:33:59 2009 +1000

    Clean up some debug.
    
    Make some left over debug CONTROLMORE rather than always logged.

commit 7a847c87e470ff5d3bb834bb45778bd9fd36d13e
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Fri Jul 17 17:51:52 2009 +0100

    changed some connection options

commit 6e8b4648b735c9b222f0784d6894b4f0b72f85a3
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Fri Jul 17 09:28:01 2009 +1000

    Partially started opportunistic init breaks phase2
    
    Do not start any opportunistic operations unless we belong to an opportunistic
    tunnel.  Installing the bare shunt on a non-opportunistic tunnel causes us
    to fail to "replace" the eroute later as there is actually no eroute and
    we should be doing an "add" (we do a replace because bspp is non null in
    pluto's route_and_eroute function).
    
    This problem shows on "routed" tunnels that are not up (ie., auto=route).
    If you ping an address on the remote network,  openswan will start an
    opportunistic neg. as above, abandon it as the tunnel is not opportunistic,
    but leave the bare shunt in place.
    
    The symptom after this happens is a tunnel that doesn't ever complete phase2
    and gets stuck in an I1/R1 state start rather than complete and make it to
    a I2/R2 state.
    
    There should be a K_SADB_X_ADDFLOW error in your syslog,
    errno -14, Bad address (EFAULT).

commit bfc634c96cc26c93170546413f86248dffa1321a
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Wed Jul 15 17:21:52 2009 +0100

    changed some elements in the gui

commit 3bf635f6c211a5c008473098b475002c3fca44b8
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Jul 15 12:00:12 2009 +1000

    Do not hand decode IPv4 addresses
    
    Don't decode the IP address '.' notation ourselves or we get it wrong for
    big-endian.  Addresses like 10.99.99.1 are printed as 1.99.99.10.

commit 3ac8e99350d6f64d20366ad54e5767db2ccf160a
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Jul 13 13:49:28 2009 +1000

    whack --crash <IP> crashes
    
    Not all the code was correctly switched from "st" pointers to "this" pointers
    and "st" points to this->st_hashchain_next,  which is NULL.

commit e3afe070c84029b90d72f58903d0fc911de8ad3a
Author: Tuomo Soini <tis at foobar.fi>
Date:   Sun Jul 12 11:06:41 2009 +0300

    Fix formatting of README.nss and fixed one bug where leftcert was leftid in example.

commit db41118ef66d5838cdd55b5f67755d5e928e3a85
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jul 11 01:36:15 2009 -0400

    updated changes

commit 23037bba7b8b19ae7bdf369a2dec100b612a8470
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jul 11 01:25:18 2009 -0400

    This patch by Avesh Agarwal <avagarwa at redhat.com> adds PSK support
    to USE_LIBNSS. It also fixes some warnings and removes some debug
    logs from the NSS related code.

commit 812c34ad3db8312428e5cb5a06b65e67ea6102bb
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jul 11 01:24:00 2009 -0400

    Added fipschecks to _realsetup. Patch by Avesh Agarwal <avagarwa at redhat.com>

commit 674733a0782743adff9d8ccc337ea4db11bce7c3
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jul 11 01:16:24 2009 -0400

    updated man pages

commit 724bef66919bc94d92cde5384d0b42716c665f39
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Fri Jul 10 16:57:40 2009 +0100

    it is compiling now

commit 1d16cc7dea4840e0ccba6d75650d15604cdb99cd
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Fri Jul 10 16:50:17 2009 +0100

    hope growl is linking now

commit acc6bb3ec62e81f8aad331b00494e524d5b55625
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Fri Jul 10 16:44:03 2009 +0100

    fixing growl framework thing, removing the old one

commit 572a1ca1352de43206c10fa297bb244c94cf6fb4
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Fri Jul 10 16:04:39 2009 +0100

    tried to fix the compilation problem

commit d1a2af9306eb51ab15cf316f0e34ec6dce8df276
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Thu Jul 9 22:06:17 2009 +0100

    calling a routine that needs admin auth. not the right routine (yet)

commit 5591e8c36e0447b8237a1d7e0789f49d665a0bfd
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Thu Jul 9 18:19:29 2009 +0100

    working on the Helper Tool, doesn't compile

commit 28a992f0212ef882d81251eb05255c63ef8c5df8
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jul 8 23:15:52 2009 -0400

    Changed default timeout for ikeping to 5 seconds. Changed time
    option to specify seconds, not milliseconds.
    Updated man page to reflect that pluto implements the ISAKMP echo
    draft as well.

commit fc24da8fafbd68e96d8990eccd89a24f66306aca
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Wed Jul 8 23:37:37 2009 +0100

    started with the helper tool implementation

commit ca7466a979da2060e2e3e7a8a15d611a13afb8ef
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jul 5 22:48:31 2009 -0400

    Fix by hiren joshi, confirmed by dhr, where a log message was wrong
    because it used bitnamesof() in the same statement twice. This fails
    due to it using a static buffer.

commit eb21eb4c99f2d2366d69ccbf17cae49e81c600ca
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jul 4 14:26:48 2009 -0400

    removal email address on request.

commit 1b8eabb30b801f8802e96dd50bba226c009acd94
Merge: 1254ffb 743768d
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jul 4 14:25:40 2009 -0400

    Merge branch 'ikev2' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan into ikev2

commit 1254ffb5eb16d4a96d1781bbc0dbb06cf70c6021
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jul 4 09:52:23 2009 -0400

    updated NSS readme

commit 17661966fa5145b0476b24d57ec333bf04fee2fc
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Wed Jul 1 17:41:26 2009 +0100

    added growl support to the app

commit 743768d7667b1d21d6912624c94ac1029ee4413d
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 30 18:15:17 2009 -0400

    Make sure ipsec verify returns non-zero when a test fails. Added
    udp 500 / udp 4500 tests using lsof, not netstat (obsolete cmd).
    Removed dead code from ipfwadm --check days.

commit d118af4d5a04c14a939bffa17cfad86769c9996a
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Tue Jun 30 17:12:55 2009 +0100

    fixed the window resizing and added the connection timer

commit 5dc78ebca7ec02268424199ab389e5597676e31f
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Sat Jun 27 15:05:01 2009 +0100

    creating and deleting connections is now possible

commit a3ec1cadd68fad2affdf39a676eda3834a6216e1
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jun 27 00:39:01 2009 -0400

    Changed the default time out for ikeping from 10 to 3 seconds.
    Changed the return status of ikeping to be (send - received) when
    ikeping is sending, so that its exit code can be used by livetest.

commit 021ae5becc246a0434cb95ca4020b48523234b58
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 26 15:08:23 2009 -0400

    updated makefile in examples/

commit ff2f89b22b335a90a59a24cef6fbf28ca795ca50
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 26 15:07:12 2009 -0400

    added more docs to hub-spoke example

commit c6ac046df2ddf9d91d2095868e374f9817306b0d
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 26 14:59:24 2009 -0400

    Added hub-spoke passthrough example.

commit 9d338efb3d20543e98d5bd14871a9911b9ef537b
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Fri Jun 26 18:06:44 2009 +0100

    (de)archiving on startup/closing and save/load

commit df356cd4a07b3c302edc16dd7a6d5792632eb1a6
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 26 12:46:51 2009 -0400

    Patch for creating the missing "dir in" netkey policy when using
    passthrough routes. This is https://bugs.xelerance.com/issues/907
    Patch by Michael H. Warfield <mhw at WittsEnd.com>

commit 0154b514a72d5394191e8ef279ecc3fdeb0759cd
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Fri Jun 26 17:44:54 2009 +0100

    archiving is working

commit 53408878182e1a2a412c73fb77640506134d5a53
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Thu Jun 25 23:03:17 2009 +0100

    more work on the archiving, still not working, but closer

commit 038d1540bdcf1c3bf95fe14ddabea45dcc54345b
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 25 17:45:15 2009 -0400

    updated changes

commit 6a1adeec8774b3cb9e8c3eba0fb53b74f4a00b7a
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 25 17:37:18 2009 -0400

    Fix for when we use the new nat-t style but have an old nat-t patch
    patched into a 2.6.23+ kernel. We do have a problem though.
    
    Unfortunately we have two versions of this function, one with one
    argument and one with two. But we cannot know which one. Let's hope
    not many people use an old nat-t patch on a new kernel with
    openswan klips >= 2.6.22

commit 207f0d23eda5c0416d4f5e9371814eada89c97bd
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 25 17:03:37 2009 -0400

    updates changes

commit 2d9521853f3194d0910cd0ae1c21558d4b63de93
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 25 17:00:36 2009 -0400

    Building via the spec file dropped the lwres define during 'make install',
    causing the following errors to appear:
    pluto[ 7105 ]: FATAL ERROR: /usr/libexec/ipsec/lwdnsq missing or not executable. Errno 2: No such file or directory
    This is bug https://gsoc.xelerance.com/issues/1044
    
    Issue found by Joe Steele

commit 2cc11281652df52b4c76623d40101999902307f6
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 25 16:54:16 2009 -0400

    If NF_INET_LOCAL_OUT is not defined, define it as NF_IP_LOCAL_OUT.

commit 895ebeb96192394dd3518beb11c675b4b1429ec1
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 25 15:36:57 2009 -0400

    updated changes

commit 32ad3250060480b8d366ccfc1900cd31c49b812a
Merge: 89a930e 5aa68a6
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 25 15:29:45 2009 -0400

    Merge branch 'ikev2'

commit 5aa68a672f0abfb4aa62514dfaf3b65ee01f3991
Merge: d055c50 483f6bf
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 25 15:29:25 2009 -0400

    Merge branch 'ikev2' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan into ikev2

commit d055c5091065360a0fc155f5b6b8fd669692995d
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 25 15:28:42 2009 -0400

    Revert "set PROGRAM properly"
    
    This reverts commit ab8d2d5762d5345f545e5a553b64f3fa57c39a4e.
    
    This causes "setup" to be installed in /etc/init.d/setup. This
    case is an exception because it should be installed as "ipsec".

commit 483f6bfd4a1b9e900cb352bb4214ec1ce20016b7
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Jun 25 15:57:18 2009 +1000

    Check the length at all exits from asn1_length.
    
    If we are going to check the blob length everywhere to be safe,
    then we should also check the simple case IMO.

commit 56400548fa2575d1cc010635f5b6cca660ce0e9e
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Jun 24 11:34:30 2009 +1000

    Some missed fixups from the Orange Labs patches.
    
    The scanf fix is not a problem,  as we redo it and check the result.
    The extra blob length patch is required though.

commit 89a930ec7ed49607ab36648a1768cb4135aa23ca
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 23 10:57:02 2009 -0400

    fix typo in Makefile ikpg_clean target. Found by Gilles Espinasse

commit f0ba1f7ce697c7a0fcf8989b11d0d8f7bd285d95
Merge: 3176d2e 349250c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 22 22:50:35 2009 -0400

    Merge branch 'ikev2'

commit 349250c118351595c089fa0730610bd79087560a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 22 22:47:48 2009 -0400

    updated changes

commit 8d42f0a546b1e3508804fc47d8c7750686b24783
Author: Gilles Espinasse <g.esp at free.fr>
Date:   Sat Jun 20 16:23:56 2009 +0200

    fix scandir incompatible pointer type warning
    
    google says cast is the way to go for scandir
    http://gcc.gnu.org/ml/java-patches/2003-q1/msg00113.html
    
    Fix
    /usr/src/openswan-2.6.22rc2/lib/libopenswan/x509chain.c:211: warning: passing argument 3 of 'scandir' from incompatible pointer type
    /usr/src/openswan-2.6.22rc2/programs/pluto/ac.c:740: warning: passing argument 3 of 'scandir' from incompatible pointer type
    /usr/src/openswan-2.6.22rc2/programs/pluto/x509.c:434: warning: passing argument 3 of 'scandir' from incompatible pointer type
    
    Signed-off-by: Gilles Espinasse <g.esp at free.fr>
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 6053df6d71a7fdb87b92e757b383d387fd77e115
Author: Gilles Espinasse <g.esp at free.fr>
Date:   Sat Jun 20 11:32:04 2009 +0200

    fix format expect long int warning
    
    /usr/src/openswan-2.6.22rc2/modobj26/pfkey_v2_build.c:99: warning: format '%ld' expects type 'long int', but argument 4 has type 'unsigned int'
    /usr/src/openswan-2.6.22rc2/modobj26/pfkey_v2_build.c:107: warning: format '%ld' expects type 'long int', but argument 4 has type 'unsigned int'
    /usr/src/openswan-2.6.22rc2/modobj26/pfkey_v2_build.c:1349: warning: format '%ld' expects type 'long int', but argument 3 has type 'unsigned int'
    /usr/src/openswan-2.6.22rc2/modobj26/pfkey_v2_build.c:1353: warning: format '%ld' expects type 'long int', but argument 3 has type 'unsigned int'
    
    Signed-off-by: Gilles Espinasse <g.esp at free.fr>
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 38da750ece09decee551d9669fcfd0c3eda86440
Author: Gilles Espinasse <g.esp at free.fr>
Date:   Sat Jun 20 11:32:05 2009 +0200

    silence wrong uninitialized compiler warning
    
    (gcc-4.2.2)
    /usr/src/openswan-2.6.22rc2/programs/pluto/rnd.c:175: warning: 'rnd_dev' may be used uninitialized in this function
    /usr/src/openswan-2.6.22rc2/programs/pluto/nat_traversal.c:673: warning: 'r' may be used uninitialized in this function
    
    Signed-off-by: Gilles Espinasse <g.esp at free.fr>
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit f3f0b08600a650b34a37b4ea060f09970d15bc73
Author: Gilles Espinasse <g.esp at free.fr>
Date:   Sat Jun 20 11:32:03 2009 +0200

    fix unused variable warnings
    
    /usr/src/openswan-2.6.22rc2/modobj26/ipsec_rcv.c:2067: warning: unused variable 'i'
    /usr/src/openswan-2.6.22rc2/modobj26/ipsec_rcv.c:2066: warning: unused variable 'prv'
    /usr/src/openswan-2.6.22rc2/modobj26/ipsec_rcv.c:2065: warning: unused variable 'prvdev'
    /usr/src/openswan-2.6.22rc2/modobj26/ipsec_rcv.c:2065: warning: unused variable 'ipsecdev'
    /usr/src/openswan-2.6.22rc2/modobj26/ipsec_rcv.c:2064: warning: unused variable 'name'
    
    Signed-off-by: Gilles Espinasse <g.esp at free.fr>
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 8cca07bddd7b8ed7c85f383a2c24bed60e5e3c60
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 22 22:44:10 2009 -0400

    updated generated man pages

commit aa3b87eb9d83a2c58ef7b8b22965112106ec9ed1
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Jun 23 11:20:03 2009 +1000

    Fix some typos/cut-n-paste comments and trace.

commit 1c74caebc1c783b6f49a96a40bea8865cb0542c9
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Jun 23 11:17:41 2009 +1000

    Add more checks to OCF sa handling.
    
    Do some more checking to make sure we are initting/freeing SA's
    that we have not already seen,  just to be sure all is well.

commit a1f345204f82946ee823f6ccfd9642291761424f
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Jun 23 11:16:06 2009 +1000

    Restore some lost OCF code from a previous commit.
    
    Some OCF code was lost in the ALG cleanup.  Openswan works without it,
    but this path is called and we have always called OCF from here.  I would
    rather leave it in for now and check it properly later.

commit 2c3f2933c22bc38d5f9e5d40e485dfc43504283e
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Jun 23 11:14:52 2009 +1000

    pluto_crypto_helper trace always claiming exiting
    
    The trace for pluto_crypto_helper exiting had found its way to
    the crypto_op function causing lots of untrue trace about it exiting.

commit 78a6ca473f937dcb53df45535add23dfd33bda4f
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Tue Jun 23 00:42:25 2009 +0100

    working on the archiving

commit 538f2de071ccbd101cc7286d6e4b666df7ee0dc2
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Mon Jun 22 23:56:49 2009 +0100

    trying to make the archiving work, not successful yet :(

commit 7c66772a8f299053d0d9947b4f534441032a2075
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 22 14:10:20 2009 -0400

    use proper struct.

commit 3cefad169e44382f64dcc6db974849d4d54058d4
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 22 13:52:23 2009 -0400

    typo

commit 3176d2e781470751c3bacc4f5e89e97c4e58d857
Merge: 682e159 04bfd54
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 22 13:48:36 2009 -0400

    Merge branch 'ikev2'

commit 04bfd5415d38bc8b306d03b8458f04d2307ac484
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 22 13:48:13 2009 -0400

    updated changes

commit 166b2f895a79a5a9ff598a08f72b9d9c05dcb590
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 22 13:44:33 2009 -0400

    Revert "do not insert sysctl variables into /proc as they are no longer"
    
    This reverts commit b57b587c668f3e840209c85e744fa56b6e57a200.

commit 6d96dd6fabd2f4f75f32068deddd7c2904aa4d58
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 22 13:44:22 2009 -0400

    Revert "Only define error_sysctl_register with CONFIG_KLIPS_SYSCTL"
    
    This reverts commit 261478fbd49c240fed30d8cf7fd8353289a56dde.

commit a3e4ce88a83b384c903eac51030f6b3681f64c0d
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 22 13:06:44 2009 -0400

    RDN patch for vulnerability found by Orange Labs. Patch by Andreas
    Steffen.

commit c8fa1909125449e714658fa049deb2c7b2d2081f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 22 09:08:28 2009 -0400

    Deleted ipsec_alg_sa_init() since it was no longer used.

commit c797ab6827773e7784948f2121a915648de266a1
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 22 08:58:04 2009 -0400

    updated changes

commit 8b3a1929acf7891181e389e0590224cf282cac3b
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 22 08:53:35 2009 -0400

    Malicious X.509 certificates could crash the asn.1 parser. Found
    by Orange Labs vulnerability research team.

commit 64498cd9157846f7442888f1ff9dfbf40abba1c4
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Sat Jun 20 14:35:27 2009 +0100

    started to write the code for the archiving

commit 10fda7f063057c754404bb2c11a84ab4b12b384e
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 19 19:22:19 2009 -0400

    updated CHANGES

commit 682e159138f6a39aad78f253a94456b35cae71bf
Merge: ddb4636 740d046
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 19 19:13:05 2009 -0400

    Merge branch 'ikev2'

commit 740d046fbf7b535536d0df3ef9ab099cdac06f06
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 19 19:10:56 2009 -0400

    Fixing the path from Nick Jones again. Now confirmed KLIPS works again.

commit ddb4636f502053aef4e4b73453d58633ef9e3c35
Merge: 0cc2637 85c2534
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 19 17:21:52 2009 -0400

    Merge branch 'ikev2'

commit 85c2534a2c116719aeca1270a1aed2e0fef42c14
Merge: 7722e65 752f2a9
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 19 17:19:47 2009 -0400

    Merge branch 'ikev2' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan into ikev2

commit 7722e65bd010df31b847b406b988062065b3dd2e
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 19 17:19:36 2009 -0400

    updated changes

commit 32312bd9b0e944e0b1e912e9fb0c5dcb5bb121cf
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 19 17:17:50 2009 -0400

    linux 2.6.30 removes proc owner attribute.
    Patch by Harald Jenny <harald at a-little-linux-box.at>

commit 81b4d38a2c17bd8adaa74624e6bcce2b37df64a6
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Fri Jun 19 19:10:58 2009 +0100

    added a singleton for the connections array

commit 98b7187108532085567c1c762b5252be25b2ad0c
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Fri Jun 19 16:26:16 2009 +0100

    removed a lot of not needed NSArray

commit a3914d8b636240c72748c7b70e0cf32f77123be5
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Fri Jun 19 15:01:36 2009 +0100

    changed the auth options

commit 1d2e038d0609638172a64c6d37b9d95f9c994b54
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Fri Jun 19 14:42:13 2009 +0100

    added some more variables to save some options, the Auto PopUp is not working

commit ec6058d7d861abd085c2aaea8cb02b5c9e59264d
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Wed Jun 17 17:09:31 2009 +0100

    more options are being used now. Some changes to the main menu were made

commit 457e9fb48a1afa4736b8cec91443c2f9053f70c7
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Mon Jun 15 18:45:59 2009 +0200

    organized the controllers

commit 752f2a9621e7120591ac74babbc3433009e8e5ca
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jun 13 14:19:39 2009 -0400

    Fix for Nick Jones' previous patch. See
    https://bugs.xelerance.com/issues/1023

commit e4a78b66ff21a9fd7ccbf128321a4a2148c5398f
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Thu Jun 11 18:38:21 2009 +0200

    added the initial menus and a blank preference menu

commit a462bf6c79d72b0ef411663906ce0d5a454bf549
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Tue Jun 9 17:58:16 2009 +0200

    added custom views to disable unavailable groups of options

commit 0cc2637e3339418f9c82665dcea9aa17db23451f
Merge: 42255b2 62bbcba
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 8 22:26:05 2009 -0400

    Merge branch 'ikev2'
    
    Conflicts:
    	linux/include/openswan/ipsec_kversion.h

commit 62bbcba1f0bb7d6f0c97028a96d420a1b116a7d2
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 8 22:12:12 2009 -0400

    added nss howto by Avesh

commit a05e15cf3133d20ab3e96a865da158513d2e00b8
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 8 22:10:25 2009 -0400

    Don't allow authby=secret when compiled with NSS, as you cannot
    store shared secrets in the nss db, and it is not allowed to be
    stored outside it.

commit 631a50381bfb3fa2749dd60053e0ba6da6948c76
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 8 22:09:29 2009 -0400

    Updated NSS patch by Avesh

commit f994f172076e8d7e19f8a9874b2a32a29c43f8cb
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Sat Jun 6 17:51:39 2009 +0200

    more changes to the View and changed the path to the class files in the project

commit 91909dce9516533a90c7582d8fdf20d545bd4441
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Sat Jun 6 00:58:05 2009 +0200

    some more changes to the gui

commit 76390f116b324d6c6fe98b8881c21e40fb6b1307
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Fri Jun 5 19:19:25 2009 +0200

    interface improved after feedback from LetoTo

commit a5548d43c6b94558e24507a86ec4790147432ec7
Merge: c8a8cd9 55ce8dd
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 4 22:55:48 2009 -0400

    Merge branch 'ikev2' of git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/

commit 55ce8dd1630f81aad5296c345482236d0eb57632
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 4 16:30:35 2009 -0400

    Revert "Revert "Use NF_INET_LOCAL_OUT, not NF_IP_LOCAL_OUT""
    
    This reverts commit 86ba924f3a63b94d17124223228098fd6d6b5a43.

commit 86ba924f3a63b94d17124223228098fd6d6b5a43
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 4 16:11:02 2009 -0400

    Revert "Use NF_INET_LOCAL_OUT, not NF_IP_LOCAL_OUT"
    
    This reverts commit 7ade4190957445c1b84a3782c64fbb436d1a0d5e.

commit ea6d37fc5a0f7208eab27ca5fb9de2f4bef83823
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 4 16:08:24 2009 -0400

    pull in linuxrc-funcs.sh

commit 4df6abe6c4beaa6bb614dbd80febf62df722a811
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Thu Jun 4 17:20:02 2009 +0200

    auth options now depend on the end user option

commit 93f556d7d350df6cd3c12a0d48be2ba76205a31e
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Wed Jun 3 16:55:25 2009 +0200

    show advanced options working. redesigned some elements

commit 9bc45d37a35221cc07598a80fa6c0f6b0f999d3c
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Mon Jun 1 20:11:45 2009 +0200

    the show adv opts button is now changing the size of the window

commit 898c439379dd8930f2b62cd3122ec489b6bfdd87
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Mon Jun 1 19:37:58 2009 +0200

    changed almost all the input types to pop-up windows and check buttons

commit 6cf7794200ae1fb9e523258137e382e2c9358e19
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Sat May 30 17:50:26 2009 +0200

    Prototype v1

commit fcc5faef6fccabe021f4ab208259e7ed07341bf9
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Sat May 30 16:18:42 2009 +0200

    the array controller for the connections is set, but it doesn't update the changes in the view

commit a5bf7ea0b57653c712a063e1b784ac98543eec3b
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Wed May 27 19:50:46 2009 +0200

    working with the array controller to change between connections

commit c8a8cd90e54718dba9e05acfaaad5eecc5a4e89a
Merge: 0e15092 8399ef6
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 27 09:12:38 2009 -0400

    Merge branch 'ikev2' of git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/

commit 8399ef633dc3e59574777b40800afdf340ff233d
Merge: 31531e4 a91bcd8
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed May 27 15:07:00 2009 +1000

    Merge branch 'ikev2' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan into ikev2

commit 31531e49e4199a9673e1a72c11d5c1feb407d7fb
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed May 27 15:05:02 2009 +1000

    Only define late_initcall if kernel lacks one
    
    Include the kernel header to get the correct version before we
    go making our own.

commit 0e150926f5a2223f7b659a60a0c49afd88ab8c98
Author: root <root at thinkpad.xelerance.com>
Date:   Tue May 26 22:34:18 2009 -0400

    Revert "Some fixes to the oakley_enc_names enum list. There are still"
    
    This reverts commit 8d1ef2434e6eea107141b428203da40bc3487360.

commit c6988f5d88083ef0db7f6164b31e60f53a3353b8
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 26 21:49:13 2009 -0400

    A patch for an oops due to improper ipsec_sa destruction. This is bug #1023
    See https://bugs.xelerance.com/view.php?id=1023
    Contributed by Nick Jones <nick.jones at network-box.com>
    
    From nick:
    There is a discrepancy in the way that ipsec_sa objects are initialised
    and destroyed, causing a kernel Oops in ipsec.ko while destroying an
    ipsec_sa that was found to be invalid part way through initialisation.
    
    This happens when adding an spi with the same id as one already established,
    but we are also seeing this happen at runtime on heavily loaded boxes.
    
    The solution I am suggesting is to perform a more mirrored init/destroy
    by tying more closely the ips_key_e and ips_alg_enc fields of the
    ipsec_sa structure, similarly the same should be done for ips_key_a
    and ips_alg_auth. This patch does this by removing the call to
    ipsec_alg_sa_init in pfkey_sa_process and moving it (actually the
    logic therein) to ipsec_alg_enc_key_create, so that the initialised
    key structure is guaranteed to match the algorithm used to create (and
    destroy) it.

commit a91bcd802e896e714a8122f36b84b42f1f39ec7c
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 26 21:43:52 2009 -0400

    updated man pages

commit f76612ef2a59d0e71a07cc4f5ebfeafecbc709c4
Merge: e9a8bdb 8d1ef24
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed May 27 08:51:01 2009 +1000

    Merge branch 'ikev2' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan into ikev2

commit e9a8bdb3297fe10b8c63672f641c4162d8989b2b
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed May 27 08:47:22 2009 +1000

    Fix up the "patchless" NAT-T support in klips
    
    This gets klips and nat-t working.  The decapsulation code is still needed
    because we cannot use the code path in the kernel that net_key uses,  so
    the klips version is just a dupe of the net_key/xfrm kernel code that isn't
    there if you are using klips ;-).
    
    I also cleaned up all the differing NAT_TRAVERSAL ifdefs to be common as
    CONFIG_IPSEC_NAT_TRAVERSAL will no longer exist.
    
    I made pluto auto detect the best NAT-T approach for the klips stack.
    
    I have tested this with linux-2.6.29, with and without the old nat-t patch
    using both klips and netkey.  All four combos worked for my tests :-)
    I haven't tested with an old pre 2.6.23 kernel.
    
    Special thanks to Harald Jenny whose original klips patch was the basis
    for much of this implementation.

commit 8d1ef2434e6eea107141b428203da40bc3487360
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 26 17:46:31 2009 -0400

    Some fixes to the oakley_enc_names enum list. There are still
    multiple attempts to register "0" though.

commit 45613f4d5873087609eef7ca55c90f724e8c29a8
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Tue May 26 23:31:15 2009 +0200

    changed osxApp. Still need to fully replace Model class

commit 261478fbd49c240fed30d8cf7fd8353289a56dde
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun May 24 17:15:14 2009 -0400

    Only define error_sysctl_register with CONFIG_KLIPS_SYSCTL

commit 0c9df4780e18dd1d3da317c35844fe56b6ad0db3
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun May 24 17:11:40 2009 -0400

    Conflicts:
    
    	testing/utils/buildinitrd
    	testing/utils/uml-functions.sh

commit 059890e8bc0da52efc64620cb9c11f4ecc2cae35
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun May 24 17:03:48 2009 -0400

    merge of various commits against the umlswan26.config file. This
    brings it up to 2.6.27

commit 4cd75278cb3b3ff2bcc437c3f5482056fb0de974
Author: Michael Richardson <mcr at sandelman.ca>
Date:   Tue Feb 10 21:42:04 2009 -0500

    #2 - minor change to remove yy_no_input

commit 68deeb4bcbb4355675a5f3ab8acb85fb810bcd6d
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun May 24 16:57:29 2009 -0400

    updated docs

commit 73139b50a6c535c27ee7259b0e51dd0537dc2e7a
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun May 24 16:57:15 2009 -0400

    updated docs

commit fd9688c9b69674cd4d5eac936eae6a334f8ab4ea
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun May 24 16:53:26 2009 -0400

    fix doc on how to pull our git tree.

commit b57b587c668f3e840209c85e744fa56b6e57a200
Author: Michael Richardson <mcr at sandelman.ca>
Date:   Tue May 19 13:48:44 2009 -0400

    do not insert sysctl variables into /proc as they are no longer
    easily welcome in 2.6.26+
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit f0fd6c6d05dfa76c51eee049f09cfafa1ed5b7a0
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun May 24 16:46:49 2009 -0400

    Pick a random mac address for now (from commit 52d314

commit aa94e62a40fd9de1c485832a85bd2c33ac0e4661
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun May 24 16:31:29 2009 -0400

    Add destructor as from ipsec_tunnel, from commit 52d314.

commit 07596a773f30021eca52c4babd152ef43800132b
Author: Michael Richardson <mcr at sandelman.ca>
Date:   Tue May 19 13:51:20 2009 -0400

    socket_DATA has been obsolete in UML for some time
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit c4b3c577dd949671711a761295594564d6f4cd7b
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Sun May 24 18:48:49 2009 +0200

    added missing man and worked on osx GUI

commit 33ab482823dae218428bc69e13bd0f65b0e9050a
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 23 00:25:07 2009 -0400

    Extended two OSX defines to include FreeBSD as well

commit 983c8f7f56f50b7c224449573784a32bba34c000
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 23 00:24:32 2009 -0400

    Disable NSS in Makefile.inc

commit ef822d9ad38f12f1d1f41bf346915e6727a9a364
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 23 00:23:24 2009 -0400

    Update the packaging/defaults file for freebsd for recently
    added options.

commit 3bee87853266d93cee714490756571d134513080
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 23 00:23:00 2009 -0400

    Added sysdep.h for freebsd.

commit 3ca40e669b3a996aa5684f2529946b7b7dbc8c0a
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 22 22:34:48 2009 -0400

    On OSX, we need to set the sin_len of struct sockaddr

commit 284d0653c27dce07340c67eacab352fe63e6f5c9
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 21 23:18:44 2009 -0400

    Changed default to disable nss again. We can now build successfully
    without it.

commit 2484466c200091399798d0a95f10103ff07ffe18
Merge: c3df11c 0d9b4b3
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 21 23:15:17 2009 -0400

    Merge branch 'osx' of ssh://paul@gsoc.xelerance.com/gsoc/git/openswan.gsoc into osx

commit c3df11c0e46dbf6a81a8c3a9f0ed9472b3f0dc33
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 21 23:13:43 2009 -0400

    updated changes

commit 57547ded30c8b22977b8107f43981fc36e7b9fc4
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 21 22:38:44 2009 -0400

    Compile fix by D. Hugh Redelmeier for this error on OSX:
     Undefined symbols:
      "_oswcrypto", referenced from:
        _oswcrypto$non_lazy_ptr in libopenswan.a(pem.o)
     ld: symbol(s) not found
    
    His explanation:
    
    C had declarations of objects.  A subset of them define objects. A
    declaration says: this is the type of this thing and a few other details
    like its storage class.  But it doesn't make it exist.
    A definition makes the thing exist.
    Strict C allows only one definition in all the files that make up a program.
    Something like "extern int i;" is surely a declaration that isn't a definition.
    Something like "int i = 3;" is surely a definition.
    Something like "int i;" is a tentative definition.  It works as a definition
    unless something better comes along.  (roughly)
    So the change turned a tentative definition into a for-sure definition.
    It should not be needed. I don't know why this build system (xcode?) is
    requiring it.

commit 7ade4190957445c1b84a3782c64fbb436d1a0d5e
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 21 22:24:59 2009 -0400

    Use NF_INET_LOCAL_OUT, not NF_IP_LOCAL_OUT

commit e55bc1ca6ad39beca04ce1af2268abdabd7e6910
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 21 22:17:07 2009 -0400

    Added missing para tag to pfsgroup entry.

commit b29f9f2af44aa0755c5488b1318c4c537608d22d
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 20 21:44:29 2009 -0400

    updated changes

commit 1da3d8fcc0ac6f5eef786151d6529455625f5b6d
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 20 21:40:13 2009 -0400

    Added STATE_AGGR_R2 to ISAKMP_SA_ESTABLISHED_STATES.
    This caused find_phase1_state() for dpd code to not find it.
    This is http://bugs.xelerance.com/view.php?id=1030
    Patch by Tim Horsburgh <thorsburgh at cybertec.com.au>

commit 127663a25011e830a91ef9c680f78008ce4ca230
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 20 21:01:06 2009 -0400

    Added buildnss flag to spec file, and disabled it per default.

commit e54d82850ac31967fea76f026cf38fe13659631c
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 20 15:03:27 2009 -0400

    the ike= should use ;modpXXXX not -modpXXXX

commit 07ff10a7595206e73fde235562b2bf117895c0ca
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 20 15:00:34 2009 -0400

    Fix man page to note that pfsgroup= is obsoleted for phase2alg=

commit 1b43e8f15d77db1914ee53a60e77e73791a44028
Merge: 19cb005 33b06c2
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 18 13:07:26 2009 -0400

    Merge branch 'ikev2' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan into ikev2
    
    Conflicts:
    	CHANGES

commit 19cb00538919b2bf30920ecefd7779e46901e71c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 18 13:06:55 2009 -0400

    updated CHANGES

commit 19bc7fe45e79def99f602e79d3156b5e480cd97f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 18 13:03:54 2009 -0400

    Patch by Anthony Tong <atong at TrustedCS.com>
    
    We found this in 2.4 when tracking down an issue why sometimes concurrent
    ISAKMP negotiations from different hosts to a single host would fail
    (nhelpers>=1). On sending the main r2 message, there is a possibility that
    its message header belongs to another ike message that is originally
    intended for another host. (the correct one was overwritten due to
    continuation)

commit 33b06c2c6650e80ff2b99eb94073dc63b22c4f6a
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 16 20:16:53 2009 -0400

    Added a better description from Rolando to the code.

commit e48d3ea06384eb6f4300b4f2f1220dd7f5da50e9
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 16 20:14:45 2009 -0400

    Replace IP addresses in usage with a pointer to the Lucent GW before
    someone's ipsec gw is seeing lots of strange packets :P

commit 0401f9bac7c1021f5073d38b2d6b337a3be42977
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 16 20:05:00 2009 -0400

    UDP port 501 encaps to interop with Lucent in contrib/lucent
     Contributed by  Rolando Zappacosta <zappacor at yahoo.com.ar>

commit 4711ade64a298377be71e5ea3b39b8642d588f97
Merge: eb62552 44f5929
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 16 18:45:48 2009 -0400

    Merge branch 'ikev2' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan into ikev2

commit 44f5929f5e20dec5c778f7a79212a6f72a9614eb
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 16 18:43:46 2009 -0400

    Updates to Avesh's NSS patch.

commit 002a629db50db98955a9eb06e2384eff7c7d661e
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 16 18:18:35 2009 -0400

    Updated a bunch of credits based on commit logs, and removed old
    occurrences of RCSID.

commit 4520a4ec078efccb007b6d088a859aabf6a22209
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 16 17:30:57 2009 -0400

    Don't depend on ${LIBSPLUTO}. It's wrong and breaks on OSX.

commit 6a5a3413fce6b1f4d9fac2f688b75c1a6ab750f8
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 16 17:27:30 2009 -0400

    Add cast to the mpz_to_n2() calls in the NSS code. Patch by Avesh Agarwal

commit 0d9b4b33dd49c60fb2b60a5d7b122cddbb2266e6
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 15 18:47:59 2009 -0400

    remove duplicate case

commit 5ad9d6d0f13ae64026fee7c083c19db24dd6271c
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 15 18:44:21 2009 -0400

    Parts of b98da9e4 were missing, related to the USE_BSDKAME code in pluto.

commit b713d7159650e2a8a8b99506cd73d469bae2c81e
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 15 18:22:13 2009 -0400

    remove non-existing --acceleration option.

commit 4de9c53b064a782b8585a9ed02bd9055e27a94f0
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 15 18:10:19 2009 -0400

    Use _realsetup.bsd on OSX. This merged in b266cdb5 (not 729ec810)

commit d5d085b570b24ec14fa3d674bb9a2d5ac876c3e2
Author: Stefan Arentz <stefan at Galactica.local>
Date:   Fri May 15 17:31:43 2009 -0400

    Added a macports directory with updated versions of nss and nspr.

commit 30c1d1cf4756304708826731201477eb9fc09547
Merge: ccebc56 84e583a
Author: Stefan Arentz <stefan at Galactica.local>
Date:   Fri May 15 17:24:25 2009 -0400

    Fixed a merge error

commit ccebc56ee375d9fc53e6e43c189cc62df9eee6fc
Author: Stefan Arentz <stefan at Galactica.local>
Date:   Fri May 15 17:22:18 2009 -0400

    Include oswcrypto.h - probably redundant

commit eb0a2efca34eda8348a3e9e9efea74609bb049d7
Author: Stefan Arentz <stefan at Galactica.local>
Date:   Fri May 15 17:21:33 2009 -0400

    Not sure why but for some reason PL_strdup cannot be found. Even though we link against libnspr4

commit 4ff07adac16e4fc1eb1f93d33cfa8eee8f7564a4
Author: Stefan Arentz <stefan at Galactica.local>
Date:   Fri May 15 17:20:46 2009 -0400

    OS X does not have the pthread_setschedprio() call

commit 365e792d27613dbdf4b49269f90c06ebad6ac158
Author: Stefan Arentz <stefan at Galactica.local>
Date:   Fri May 15 17:20:08 2009 -0400

    LIBSPLUTO should not be a target dependency

commit 51189a72b7e499fb41f58d60a519e7420d9109a2
Author: Stefan Arentz <stefan at Galactica.local>
Date:   Fri May 15 17:18:51 2009 -0400

    Changes for the OS X port

commit dbc919270b48a75218494e10b24bd15a6b2d3ecd
Author: Stefan Arentz <stefan at Galactica.local>
Date:   Fri May 15 17:17:55 2009 -0400

    install flags for OS X

commit eb62552ee1fe615f27db8688b70df51cc40ad519
Merge: 449c80b 02f7f0c
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 14 23:23:43 2009 -0400

    Merge branch 'ikev2' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan into ikev2

commit 02f7f0cb4821889a53e838acdf9926cb1a1c20e4
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 14 23:12:56 2009 -0400

    removed generated man pages from repository.

commit 0f40cd3c4731b7160eb5641e32be9ecde9cdf446
Merge: 489f006 2345da6
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 14 21:44:16 2009 -0400

    Merge branch 'ikev2' of git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/

commit 449c80bc00fe474aec322a36a23c1e818a775ced
Merge: 0620c7b 2345da6
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 14 20:56:25 2009 -0400

    Merge branch 'ikev2' of ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan into ikev2

commit 0620c7b6d3c7061821e01dcae1ebb1a0bcd2d792
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 14 19:30:23 2009 -0400

    added pointer on how to enable core dumps with fedora. it's not trivial

commit 2345da66921ab096d25f00f526dbe0b652b0c401
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed May 13 12:35:01 2009 +1000

    Fix a simple typo

commit 45760d2190b7c072d81b78e22c0e5be21fccf280
Merge: 84e583a 9a7a36f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 14 16:32:43 2009 -0400

    Merge branch 'ikev2' of /vol/git/openswan.ikev2 into osx

commit 9a7a36f2c12dbe165c9a266c838fa78fde5bc39e
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 14 15:21:11 2009 -0400

    updated changes

commit 52d999d72bdd7126bae02f3fa37e648d85c132b2
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed May 13 11:34:53 2009 +1000

    Implement a fallback to SW for failed HW requests.
    
    Both the IXP and the safenet fail with "out of range" like errors
    when using RSA keys of 1024 bits (and possibly 512 bits).
    
    Implement a system whereby, if mod_exp or mod_exp_crt fails,  we fall
    back to the software version.
    
    This is a first pass and implements enough for us to do more things later.
    It's possible we should give up if the failure rates are too high when using
    HW.

commit c334555bae56e0c5509a295ef4d130c4657aa910
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed May 13 11:40:47 2009 +1000

    Calling LIBTOOL without --mode= is deprecated.

commit 7e78ad8f0d258ce5a17c27f842cc32eab8605d80
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed May 13 12:01:34 2009 +1000

    Make sure that ipsec starts after the crypto layer
    
    The ipsec init needs to run after the kernel's crypto API is initted
    so that it finds the algs needed to operate.
    
    Stub the late_initcall for kernels that do not support

commit ea855650b7006f88d178b93feab5178e4f5149d0
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed May 13 12:38:02 2009 +1000

    Remove redundant code/debug
    
    The dev variable was loaded with skb->dev,  never changed,  then checked
    against skb->dev in several ways,  all achieving nothing in the end.

commit 4aa880d84a30fd9502f5c61e2751e30786a5c91f
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed May 13 12:55:48 2009 +1000

    Fix compilation without OCF and cryptoapi instead.

commit 66af3347c50010123b31e31ae2a1d284e29361d1
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed May 13 12:57:07 2009 +1000

    A bunch of little fixups for linux-2.6.29.
    
    For the most part it is cleaning up the use of the "priv" field of the
    struct net_device. It is no longer a field in its own right, and you
    need to use the netdev_priv() accessor function to get at it. (Along
    with this you must also allocate it as part of the alloc_netdev() call).
    
    Also had to convert the use of the task_struct's uid field into a
    capability check.

commit 21613c7b63906b6050e44eede01980b6fa8fbcd5
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed May 13 14:05:45 2009 +1000

    Remove duplicate virtual interface assigning code.
    
    Do not do the virtual interface assigning in the NAT-T code as it is already
    being done in ipsec_rsm for all receive packets.
    
    The original problem that this code fixed could have also been fixed by
    removing the default assignment of "ipsec0" to all packets, this change
    effectively does that.
    
    Since the NAT-T version had some useful debug, pull some of that into the
    ipsec_rsm version of the code to help with debugging this kind of thing
    in the future.

commit 42255b2deaa50a1f3bef7f7fe567b54e8eebd713
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed May 13 14:05:45 2009 +1000

    Remove duplicate virtual interface assigning code.
    
    Do not do the virtual interface assigning in the NAT-T code as it is already
    being done in ipsec_rsm for all receive packets.
    
    The original problem that this code fixed could have also been fixed by
    removing the default assignment of "ipsec0" to all packets, this change
    effectively does that.
    
    Since the NAT-T version had some useful debug, pull some of that into the
    ipsec_rsm version of the code to help with debugging this kind of thing
    in the future.

commit 01cc7aade1e812cd0667b754ad1fba6e03f58bdd
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed May 13 12:57:07 2009 +1000

    A bunch of little fixups for linux-2.6.29.
    
    For the most part it is cleaning up the use of the "priv" field of the
    struct net_device. It is no longer a field in its own right, and you
    need to use the netdev_priv() accessor function to get at it. (Along
    with this you must also allocate it as part of the alloc_netdev() call).
    
    Also had to convert the use of the task_struct's uid field into a
    capability check.

commit 7d2a9d858a351c5839f600e91f3f18cee3fcc94f
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed May 13 12:55:48 2009 +1000

    Fix compilation without OCF and cryptoapi instead.

commit aca84e1c21ace94f386e07082487398c350fbb4c
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed May 13 12:38:02 2009 +1000

    Remove redundant code/debug
    
    The dev variable was loaded with skb->dev,  never changed,  then checked
    against skb->dev in several ways,  all achieving nothing in the end.

commit 7f2116ff026c24f6329167b38cf0da8572ae1011
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed May 13 12:35:01 2009 +1000

    Fix a simple typo

commit 31333fe6171880ec233f2b94b0a9a637684ee920
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed May 13 12:01:34 2009 +1000

    Make sure that ipsec starts after the crypto layer
    
    The ipsec init needs to run after the kernel's crypto API is initted
    so that it finds the algs needed to operate.
    
    Stub the late_initcall for kernels that do not support

commit 335ffd214753d094a2ff8a285e1d785a00b0c41d
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed May 13 11:40:47 2009 +1000

    Calling LIBTOOL without --mode= is deprecated.

commit e3b195b169b3c5a4e36f75aca18372af350f5cc8
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed May 13 11:34:53 2009 +1000

    Implement a fallback to SW for failed HW requests.
    
    Both the IXP and the safenet fail with "out of range" like errors
    when using RSA keys of 1024 bits (and possibly 512 bits).
    
    Implement a system whereby, if mod_exp or mod_exp_crt fails,  we fall
    back to the software version.
    
    This is a first pass and implements enough for us to do more things later.
    It's possible we should give up if the failure rates are too high when using
    HW.

commit 771be3f0205b3081d6d421a2d155c54b4ae8307b
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 11 17:26:39 2009 -0400

    Fix another instance of the "%4" vs "%v4" typo.

commit 2a6714102605efd19e9667909bebd419344c4ef5
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 11 15:36:11 2009 -0400

    undo "strict aliasing fix" in tuncfg.c from Avesh Agarwal applied in commit
    2a3dc5912. It caused tuncfg to segfault.

commit 84e583a8805306098003d889c7d5f5530e97727d
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 11 15:34:36 2009 -0400

    undo "strict aliasing fix" in tuncfg.c from Avesh Agarwal applied in
    commit 2a3dc5912.

commit ceedb3d402b341d4defcb00b396169f11c2f3b72
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 11 14:35:55 2009 -0400

    Fixed NF_INET_LOCAL_OUT vs NF_IP_LOCAL_OUT confusion. Removed hardcoded
    NF_IP_LOCAL_OUT check as the kernel no longer prevents us from using it.

commit b89b690a6c5d1e34f15f1ef370ce2eb09f231a2c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 11 10:16:57 2009 -0400

    updated testlist

commit 1c29f3d6abdca602ff6292234bd28a9ef20ef6a0
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 11 10:16:01 2009 -0400

    added testcase for reported bug http://bugs.xelerance.com/view.php?id=907

commit 2ca949161b67f3b30d090a0c72ffaa36004eb373
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 8 15:24:57 2009 -0400

    updated changes

commit ad337e0c9384a0cc00ee5329df0be387cbe25c7c
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 8 15:23:50 2009 -0400

    Fix for compiling klips on rhel/centos 5.3. Patch by Mark Keir.
    This completes #1031.

commit 3a3af0a4bcccb6cb0bafe89c8125bfc840125945
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 7 22:25:02 2009 -0400

    Changed some options to compile without LWRES, and with NSS.
    Using NSS we should get better access to the keychain, and we also
    avoid the pem.o oswcrypto lazy pointer error. This requires installing
    nspr and nss.

commit 489f006209f8cdfa98cf6999d476c21d62ac8c33
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 7 21:43:05 2009 -0400

    Remove old rcid

commit 82805647d2d267fe2f4df34d22519779f2d6ec4b
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 7 18:11:33 2009 -0400

    Added dpd-07 testcase to test DPD with Aggressive Mode.

commit 530c3be6d7ff4e346686508f61ceae550d19a313
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 7 18:02:58 2009 -0400

    Forgot this testcase requires west is using netkey.

commit dbb26b67af2b91066aae204a73cb6b962d74217c
Merge: ac24895 6931dfa
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 6 16:40:59 2009 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit ac2489582f14a09a68302ec1635de2ef8b8a6b99
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 6 16:40:25 2009 -0400

    Added testcase for bug #1029

commit b5be22df049105989ffc025c664aff76ee4c0ae1
Author: Paul Wouters <paul at bofh.xelerance.com>
Date:   Mon May 4 14:36:51 2009 -0400

    Change base version from 'ikev2' to 'gsoc' (and testing commit mail)

commit f2f16b67767ab25d5c1287836b3e39d467f55d53
Author: media <media at medias-mac-mini.lan>
Date:   Sun May 3 17:53:17 2009 -0400

    added port-500 exception, and attempt to create raw_eroute function.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    
    Paul: this also merges part of 2c7c653d
    
    Conflicts:
    
    	programs/pluto/kernel_bsdkame.c

commit 9fc2e74c61aa5c861eeeee0b71d4003c47df53eb
Author: media <media at medias-mac-mini.lan>
Date:   Sun May 3 17:29:49 2009 -0400

       changed satype to eroute_type enumeration
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    
    Conflicts:
    
    	programs/pluto/kernel.c
    	programs/pluto/kernel_netlink.c

commit e23d0cd189080b5263ca9bf238b8b71fc90fd852
Author: Stefan Arentz <stefan at Galactica.local>
Date:   Sat May 2 21:52:50 2009 -0400

    Added BSDKAME objects to pluto.

commit cf70882916948a4b28e6c2c3868f15c5fcd4c8e2
Author: Stefan Arentz <stefan at Galactica.local>
Date:   Sat May 2 21:51:32 2009 -0400

    Added /opt/local/lib so that libgmp is also found there. Useful if installed through MacPorts.

commit 5fb99d88c17c148f495037bd018e722081f76a60
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Sun May 3 02:55:32 2009 +0200

    ignoring osxApp/build now

commit dc18ef52485204ca052b10012859a5ac1ed6a41e
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Sun May 3 02:34:18 2009 +0200

    added osx application

commit 9745bda0d6d9837c36183b06dfa36e7ee1190946
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 2 20:13:01 2009 -0400

    Revert "added osx app and put the source code inside"
    
    This reverts commit 5fda5fdc52fcce17dfde627f5e22333e5b7224cb.

commit 5fda5fdc52fcce17dfde627f5e22333e5b7224cb
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Sun May 3 01:46:49 2009 +0200

    added osx app and put the source code inside

commit eaf8e23bbf4c9690b45403faf893573c862c33a9
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Sun May 3 01:00:22 2009 +0200

    really added kernel_bsdkame header file

commit 8c828547496fd2dd0be2275bb0a6b4ded0c47cde
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Sun May 3 00:58:27 2009 +0200

    added kernel_bsdkame header file

commit 3640740ac4c3a74c5e16433f3e65e58fa3eb0250
Author: Jose Quaresma <josequaresma at gmail.com>
Date:   Sun May 3 00:49:14 2009 +0200

    added constants needed while compiling it in osx

commit 6931dfa81113b1199143a304496f621e2fd3226b
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 2 15:16:38 2009 -0400

    Fixes to new nat-t code (HAVE_UDP_ENCAP_CONVERT ) [mcr]
    Some ipsec_tunnel KLIPS cleanups [mcr]

commit 9c5fd08e05544368bcd4e03225ef278622c12cf0
Merge: 0eb32fe 933655d
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 2 15:14:49 2009 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 0eb32fe021f1411165698e2982f53b5999bcc8ed
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 1 18:28:27 2009 -0400

    Fix ipsec verify checks for new NATT style and for oe-off setting.

commit 450835a7cab50551fe9a26d177c0210ac50c599a
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 1 18:09:34 2009 -0400

    Do not check for OE in ipsec verify when ipsec.conf has oe=off

commit 933655daa0f1d6b90e4c6fe5a172357b655fbff7
Author: Paul Wouters <paul at bofh.xelerance.com>
Date:   Fri May 1 10:10:50 2009 -0400

    the ng patches as patch, compared to as make targets.

commit 88b4d803fc48ff38c6751c8f21b421459bf812fe
Author: Paul Wouters <paul at bofh.xelerance.com>
Date:   Tue Apr 28 17:44:56 2009 -0400

    updated packaging/defaults/darwin to have USE_BSDKAME=true

commit 9fa9f729d730fb286dc7e6f3a1543693d188752a
Author: Paul Wouters <paul at bofh.xelerance.com>
Date:   Tue Apr 21 16:29:50 2009 -0400

    the man page listed the wrong default for disable_port_floating=

commit a0f42f11cf2c7694b7263b44accc899fb261a939
Author: Paul Wouters <paul at bofh.xelerance.com>
Date:   Sun Apr 19 19:37:33 2009 -0400

    restore the 2.4.x kernel klips target in Makefile

commit 4004e2d0912d16189964ead8ebc906e88dc9ea42
Merge: 444eebd 7269254
Author: Paul Wouters <paul at bofh.xelerance.com>
Date:   Sun Apr 19 19:34:02 2009 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 444eebd2a3ea2fad1d51267a9ef9f338aec32ceb
Author: Paul Wouters <paul at bofh.xelerance.com>
Date:   Sun Apr 19 19:26:10 2009 -0400

    updated changes

commit 17eb6645ae055b7f3a369be395e3043c82293f47
Author: Paul Wouters <paul at bofh.xelerance.com>
Date:   Sun Apr 19 19:20:14 2009 -0400

    Merged in support for newhostkey/rsasigkey and showhostkey for nss.
    Patch by Avesh Agarwal <avagarwa at redhat.com>

commit 08713ee60730dc64a5fe8844b623f4e91318547d
Author: Paul Wouters <paul at bofh.xelerance.com>
Date:   Sun Apr 19 19:19:24 2009 -0400

    Updated openswan rpm building to build with nss.

commit 3889e24aac1d7166cc9c738e90976c39f7521e00
Author: Paul Wouters <paul at bofh.xelerance.com>
Date:   Sun Apr 19 19:18:58 2009 -0400

    Merged in NSS update for pluto and libopenswan. Updated various copyrights.
    Patch by Avesh Agarwal <avagarwa at redhat.com>

commit 5acf0cb5a3862d69e19844102272b8b99b2aed44
Author: Paul Wouters <paul at bofh.xelerance.com>
Date:   Sun Apr 19 19:12:34 2009 -0400

    Add check for fips in barf

commit d55897d10329fba2d944439a88cf035c94b52103
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Apr 19 17:08:14 2009 -0400

    Updated openswan.spec build file to enable nss support.

commit 1fa970c65c66b91c8e9bd39c56b760297cb7923d
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Apr 19 17:05:44 2009 -0400

    Added nss README information from Avesh Agarwal <avagarwa at redhat.com>

commit cd3dba0e4a274ff4c954db63cde2a91a66df811e
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Apr 19 17:04:54 2009 -0400

    export USE_FIPSCHECK as well as USE_LIBNSS

commit ad563350e87d9416e3ecca258f723164a14ce5b3
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Apr 19 17:03:20 2009 -0400

    documented some requirements in comments

commit 3bda1d898eed833fa86dd063f9d09f5fae165a84
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Apr 19 17:01:12 2009 -0400

    Removed unused variable.

commit 1592718af4aa4ac63d45e42d86ca76b25ea18554
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Apr 19 16:58:40 2009 -0400

    commented out unused variable.

commit 6bf4679d77a3acb28ce6cdc7c2201abdc60d339c
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Apr 19 15:57:10 2009 -0400

    start of nss test case using X.509

commit 7269254e6780fcf5abfc31d2bdd6c4da3a93bf60
Author: Michael Richardson <mcr at sandelman.ca>
Date:   Tue Jan 13 15:29:13 2009 -0500

    added LSB information as comments --- required by Debian.
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 325b5f3e08c14ac74314fbcffe18ed82cc517f9a
Author: Michael Richardson <mcr at sandelman.ca>
Date:   Mon Jan 12 14:21:56 2009 -0500

       guard against RHEL macros not defined
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 3e69983128b266b075e7cdb1a2f87f1cdde31f8f
Author: Michael Richardson <mcr at sandelman.ca>
Date:   Sun Jan 11 20:08:00 2009 -0500

       do not assume Makefile.ver is shell compatible
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 7db60892f5411bacbc29d70303f45003a0b02220
Author: Michael Richardson <mcr at sandelman.ca>
Date:   Sun Jan 11 20:07:40 2009 -0500

       copy kernel trees with git
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 0dd8617cdd1466b60ea59fbbb4baaa0a7d9288fa
Author: Michael Richardson <mcr at sandelman.ca>
Date:   Sun Jan 11 20:07:20 2009 -0500

       ignore generated .o files for uml_netjig
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit f6e937da573639072b101526bca8af575f581d14
Author: OpenSWAN build owner <build at herring.sandelman.ca>
Date:   Fri Oct 31 20:36:50 2008 -0400

    added missing options for linus.git tree (of dubious vintage)
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 21fb27250d3aaed654789240ca0177ef805abc6e
Author: Michael Richardson <mcr at xdsinc.net>
Date:   Mon Sep 22 13:11:54 2008 -0400

    wo#695 . be able to compile ipsec.ko for 2.6.18-92 (centos5.2)
    	Centos5.2 includes the skb_buff API changes from 2.6.22.
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit cf6ecad53c038f05fc6aab96c7f5383398ae61d2
Author: Michael Richardson <mcr at xdsinc.net>
Date:   Tue Sep 9 14:02:10 2008 -0400

       updated to build package for debian in separate builddir
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 841a827113e25aa77ffaf81278c40697719df37b
Author: Michael Richardson <mcr at xdsinc.net>
Date:   Tue Sep 9 12:32:35 2008 -0400

       If IKEv2 is not permitted, and IKEv1 fails, we wind up setting
    initiator=NULL, and then we crash in ipsecdoi_replace()

commit 3d3783824dcb04e2c0cb55920db852f9ce196870
Author: Michael Richardson <mcr at xdsinc.net>
Date:   Mon Aug 11 21:08:05 2008 -0400

    updated Makefiles to work when BUILDENV is set differently.

commit b41dab459fc29d5d4a8a4fd55199dc6734a423ec
Author: Michael Richardson <mcr at xdsinc.net>
Date:   Mon Aug 11 20:44:26 2008 -0400

    removed cvs log lines
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 64786d772148af180bb2b5942a7f62c471e9e610
Author: Michael Richardson <mcr at xdsinc.net>
Date:   Mon Aug 11 19:51:54 2008 -0400

    use a separate build tree to permit simultaneous builds.

commit 5d728c08932209ce929bede5834351c7e548388e
Author: Michael Richardson <mcr at xdsinc.net>
Date:   Mon Aug 11 19:51:25 2008 -0400

    added additional copyright notices
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 3d0e679e55b8bb5555ac215657051b6da9c10b78
Author: Michael Richardson <mcr at xdsinc.net>
Date:   Mon Aug 11 13:47:15 2008 -0400

    when making tarpkg, do not install the ipsec.conf file.
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit a354aaa33ce154d3d86c849037f98ad48ea11e9d
Author: Michael Richardson <mcr at xdsinc.net>
Date:   Mon Aug 11 13:25:57 2008 -0400

    minor adjustments to packaging.
    
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 76162d4213e890fec5c81a979c84497ca7ba8cff
Author: Michael Richardson <mcr at xdsinc.net>
Date:   Mon Aug 11 13:14:54 2008 -0400

    commit code to deal with vendor names.

commit 658685b97141d789ed0e7f67ce015d83afb3df05
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Apr 29 12:26:24 2008 -0400

    the netmask for the remote is used when installing a route with the
    local address used as a source IP. this is wrong.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit ad3005a4451d3069a40640b66dd632e042bbdb70
Author: Michael Richardson <mcr at sandelman.ca>
Date:   Thu Jun 19 23:59:25 2008 -0400

    some cleanup of rpm build Makefile, but it still does not work, and should be removed.
    
    Signed-off-by: Michael Richardson <mcr at sandelman.ca>
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit f6608dcde3a95b68fa1ddfa786b41c0ef05293ae
Author: Michael Richardson <mcr at sandelman.ca>
Date:   Thu Jun 19 23:58:09 2008 -0400

    if a vendor file exists, then include it in the name.
    
    Signed-off-by: Michael Richardson <mcr at sandelman.ca>
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit 6bfb8a441ebd4c4e5f21510ecbd089417495ff1d
Author: Michael Richardson <mcr at sandelman.ca>
Date:   Thu Jun 19 23:57:40 2008 -0400

    make sure that MODULE_EXTRA_INCLUDE is used in the 2.6 makefile.
    
    Signed-off-by: Michael Richardson <mcr at sandelman.ca>
    Signed-off-by: Paul Wouters <paul at xelerance.com>

commit dc5b5351378e2e5baadc97a54e0883b3cefa774b
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Apr 13 20:59:18 2009 +1000

    DYNAMICDNS was not working for tunnels that failed an initial lookup.
    Make sure this is dealt with appropriately and that the tunnels come up
    once their DNS name resolves.

commit 05d0fde331c1fddfe9cb4780482ce468500e4ae5
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Apr 13 20:56:38 2009 +1000

    If we are using DYNAMICDNS,  do not fail to add the tunnel if the lookup
    fails.  Send it in and let pluto work it out.

commit 896d3cda5dbb95c6cd3759a1cbcb0ca4b50cccad
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Apr 13 20:53:39 2009 +1000

    make sure host_pair is not NULL before we use it.

commit 9a0bd5430724e1fa1d81feba8eb26a17f577369a
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Apr 13 20:52:24 2009 +1000

    ttoaddr would not work for a DNS hostname if AF_INET|AF_INET6 was passed in
    instead of 0 for "af".  ttoaddr would return success (err == NULL) but not
    actually do the lookup.

commit ac8a198b5e50eaf9a445f4820f40519f0d0a8fec
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Apr 11 19:12:15 2009 -0400

    Added USE_FIPSCHECK. Enabled USE_DYNAMICDNS. Disabled USE_LWRES.

commit 2a3dc5912786492027ba034ae6757dcc21dc6a91
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Apr 11 14:05:35 2009 -0400

    Rawhide is using gcc 4.4, and errors are in following files:
    
    1. program/ikeping/ikeping.c  ("strict aliasing rules")
    2. program/tncfg/tncfg.c      ("strict aliasing rules")
    3. program/rsasigkey/rsasigkey.c  (line 199: error: offset '3' outside
    bounds of constant string)
    
    Avesh Agarwal

commit 9142e69d03655b94f635b527812047f1982d7c10
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Apr 11 13:56:44 2009 -0400

    Fix for https://bugzilla.redhat.com/show_bug.cgi?id=489113 [Avesh Agarwal]

commit 3d81e77235a0f7d44250f367469e4bab6d4e9e59
Author: Paul Wouters <paul at bofh.xelerance.com>
Date:   Wed Apr 8 18:19:42 2009 -0400

    newer CAs now use a crlnumber. Create a crlnumber file with 01 to start.

commit 59e7c9b5a0e20b0146d0cd8980efafdaa94d84ef
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 30 09:11:28 2009 -0400

    updated changes

commit 3b7011d017aa5b50173e86335bf6c6144e941a2a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 30 09:11:06 2009 -0400

    Fix for a deadly 1 packet crasher in the DPD processing code. This bug
    is severe and has been assigned CVE-2009-0790. All versions of Openswan,
    Superfreeswan and Strongswan to date suffered from this bug. If the
    icookie/rcookie did not match for a DPD R_U_THERE or R_U_THERE_ACK, the
    pluto daemon would crash (and restart). This can be abused in a denial of
    service attack.

commit 2353c2d7c6f196f58d8f96b4763042ea036ea566
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Mar 24 09:22:31 2009 +1000

    The parameters for ip_route_output_key were wrong for pre 2.6.24 kernels.
    This was causing ENVAL errors on send.

commit 04e6099808ed099b013028f569278d8f5b9ba1ab
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 26 12:06:37 2009 -0500

    added probable astaro vendorid

commit c1efb555ad5f3673b23de0a4ce9278824f872f87
Author: Tuomo Soini <tis at foobar.fi>
Date:   Tue Feb 24 22:23:44 2009 +0200

    Fix ipsec setup --status not showing amount of tunnels with netkey

commit b2b4c05ae880165526e93590e7f9a25f2bf3bd50
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 10 00:53:25 2009 -0500

    updated changes

commit 539b46f2bf58066f6129c4312115ba1d18142b3a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 10 00:52:44 2009 -0500

    Fix for http://bugs.xelerance.com/view.php?id=1016. At least we don't
    crash anymore, though we should really be rejecting a connection that
    tries to do right=%any with rightid=%fromcert.

commit b6b8e20f8af9b3c6a9f941adf1710dd39db7588f
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 10 00:20:00 2009 -0500

    updated CHANGES

commit 920b9662b2d93697cd37ef91269604479a5d10da
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 10 00:19:01 2009 -0500

    Fix remaining SADB_EXT_MAX -> K_SADB_EXT_MAX entries. Found by "bencsathb"

commit 5a9e293f5fa398a5b84d5dc0e6d8bc36ecfe6fb0
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 9 23:54:47 2009 -0500

    Updated CHANGES

commit ffa2a25b40a52ea063c8b16856a5d6482c9272f4
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 9 23:49:59 2009 -0500

    Fix for KLIPS with NAT-T to make the decrypted packet come out at the
    proper ipsecX interface, instead of the hardcoded ipsec0. Patch by
    Hiren Joshi.

commit 51816416dec08ba63aed77830cf1cb35dbb8180c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 9 23:48:43 2009 -0500

    Allow SUBDIR to be overridden (eg to skip building docs)

commit ee9b36d82f24dfd93e5df607bdcfa48b6deffb11
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 9 22:53:32 2009 -0500

    updated changes

commit a712844ce2d9c46a2d243421c48307c72191129f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 9 22:27:29 2009 -0500

    The various do_command's used a hardcoded 1536, which some people were
    hitting. Note that there is also duplicate code for sending the
    environment variables from pluto to the updown command. The common code
    is put in fmt_common_shell_out(), but not all stacks are using this yet.
    
    Also do_command_linux was confusing, since klips was not using it but
    netkey was. It has been renamed netkey_do_command and moved and now uses
    fmt_common_shell_out().
    
    invoke_command() has some added debugging related to the size of the
    environment passed.
    
    Patch by Carsten Schlote <c.schlote at konzeptpark.de>

commit 8a4c44b3b776086ef48043ec0aea09925ae09761
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 9 22:17:51 2009 -0500

    There was also a problem with fmt_common_shell_out(), which uses
    snprintf() the old way. I changed the code to work with the old way of
    returning -1 and the new one returning the potential output length which
    might exceed the given buffer and output to buffer was clipped. Some of
    our VPN connections use lots of lengthy PLUTO_#? parameters and the
    command string was clipped by ~300 bytes. So _upstart script was never
    called and strange things happened. Therefore I increased the buffer
    size for the command string.
    
    Patch by Carsten Schlote <c.schlote at konzeptpark.de>

commit 712d6a7525bffa0699ee0aa1fa7957f9859c2b5b
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 9 22:15:32 2009 -0500

    Added debugging to the extensions [Carsten Schlote]

commit f19bf1c8fb705d546ca4f803ed32fc0681040732
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 9 22:10:27 2009 -0500

    Added comment. Removed old rcsid

commit 183747f27c4a8689be3fc301e32bb4eee2b7ba07
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 9 22:02:59 2009 -0500

    Use K_SADB_EXT_MAX, not SADB_EXT_MAX. Patch by Carsten Schlote.

commit 1ffaca9ee9e347686c9ad324e5368ed8171b1c0d
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jan 29 13:24:50 2009 -0500

    updated CHANGES

commit c71da6f55e4d1a94a06b50797d9b5b3bf26e10a3
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Jan 29 15:31:59 2009 +1000

    On some classes of products using ipsec the number of supported tunnels
    needs to be limited (crypto export restrictions).
    
    Add a config option (disabled by default) to artificially limit the number
    of tunnels that can be actually active running at any one point in time.

commit 14c08fd06140d27b712a8543d8da1200e6f20419
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Jan 29 15:30:13 2009 +1000

    Change pluto's event loop to be more predictable under heavy load.
    
    * Process the fd's first.  This doesn't help much but it is possible that we
      pick up a packet that saves us tearing down a tunnel due to a pending
      timer expiry.
    
    * Process all timer events that are due/past due to be run.  Without this
      we can get way behind and run timers long after they were due.

commit 675546d69f2fb28bb552553d1e142eacd9ebbe75
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Jan 29 15:26:11 2009 +1000

    Make absolutely sure we do not waste cycles pushing the same state change
    more than once.

commit e9e3bd8bb61f2271f86c81407f8b3eb14a43a432
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Jan 29 15:15:47 2009 +1000

    removed duplicated include of virtual.h

commit 268b8dcc27e65187d63824ef2be13d95b1205144
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Jan 29 15:01:52 2009 +1000

    Changes to get asynchronous crypto working nicely in pluto (nhelpers > 0).
    
    * clean up the crypto_request code by moving it all into pcr_init,  there
      was lots of duplication and potential for cut-paste errors with the old
      code.
    
    * cleanup the use of reply_buffer,  it is global and contained state that
      needed to be saved across async crypto calls.  Since it is global make it
      obvious by using it as a global and not obscuring it with per-request
      pointers/stack pointers into the buffer.
    
      Without it we would send packets with another connection's cookies and
      other similar cross state/connection problems.
    
      We now save/restore the active portion of the reply_buffer when handing off
      crypto (sort of like a context switch).
    
    * reorder the crypto request structures to have the common fields
      first (so all the structures are the same in that respect).

commit f3bda9a8ab9db36780a97ed4ac24a009400346be
Merge: 8ec2e3b 9ac8641
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Jan 29 14:32:58 2009 +1000

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 8ec2e3b18b922d9e172e524b4e3ce90f342361c3
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Jan 29 14:30:57 2009 +1000

    Disable the warning if DH operations take more than 200ms,  embedded
    systems will rarely be able to perform a DH in that time.
    
    ie., A 533MHz Xscale with Safenet for IKE acceleration takes 230ms.
         In software it is about the same speed.

commit 9ac86414555d46276b57e793f48447ed570bb45b
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jan 25 23:36:03 2009 -0500

    updated CHANGES

commit 0981b5140d496983c15dda0b1215355e8b95685b
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jan 25 22:04:42 2009 -0500

    updated changes

commit 81e815b55edc19171c44c1e95d024c448ed633f1
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jan 25 22:03:31 2009 -0500

    Fix a compile error in main_inI2_outR2_tail() when DEBUG is not
    defined. Patch by Shingo Yamawaki

commit 027e6909f3937cadab067de3c08f095b3855f1c3
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Jan 19 14:08:50 2009 +1000

    more verbose log for X509 errors to ensure filename is known.

commit fb299eed8b1029a9bbe19506bfa935333a7d82d5
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Jan 19 12:53:38 2009 +1000

    provide a more verbose log for x509 CRL's so that we know exactly
    which file is causing the errors in the log.

commit aaab887666f989bbdd73a876eaa22ed2f8ac6545
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Jan 19 12:52:31 2009 +1000

    Fix up inverted error checking on chdir resulting in errors in the log
    about changing directory to '/' and so on.

commit a8a26b2f8ded8ca56d4f2dbfdd06aea75e4da592
Merge: a953eac 02136f7
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jan 18 13:09:16 2009 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit a953eacab1106c2436d5ce99eeaa79cfb38b834f
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jan 18 13:09:03 2009 -0500

    updates changes

commit 02136f796c452a33168879322465a7ec0c921ebc
Author: Ken Wilson <Ken_Wilson at securecomputing.com>
Date:   Thu Jan 8 15:36:19 2009 +1000

    Get openswan to send the remote host address to PAM during XAUTH
    so that it may be used for better logging/authentication purposes
    at the PAM end.

commit ee10a60d7723c3a577227e4398c0061e72493bc3
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Jan 8 13:50:16 2009 +1000

    Fix an uninitialised variable problem with hidden_vars that would
    non-deterministically prevent tunnels from starting.
    
    You would see an error like this in the logs:
    
      discarding packet received during asynchronous work (DNS or crypto)
    
    and also (if controlmore is enabled)
    
      received encrypted packet from 10.31.1.2:500 but exponentiation still in progress
    
    Unfortunately,  neither was the case,  and we were queueing/dropping packets
    we needed to get the tunnel going.

commit 480ecb90c68d2e77142dbf49973ed8fdce7eda0f
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Jan 8 13:47:21 2009 +1000

    Fix some ifdef'd code to use set_suspended (as it should) so that if it is
    ever copied/re-used the code is doing the right thing.

commit 58978edd0ecec12412223ac2b36c76ec4938789a
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Jan 8 13:45:34 2009 +1000

    Just cleaning up some error checking logic to be more precise, also make sure
    we reset the value of cryptodev_fd to -1 once closed (no actual known problems
    here though)

commit b88ee5b0afd580962ef2949f0ce91e07cbf6c1cd
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Thu Jan 8 13:36:07 2009 +1000

    remove duplicate declaration of for_each_state

commit d4d50822845c270d99c5d294110ab1c679f98b89
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 6 17:08:29 2009 +0100

    addcon ignored parameters that were set to 0 (such as nhelpers=0). Patch
    by Shingo Yamawaki.

commit 60d6bf1ce014fc73aeee7c827a30f07342a049fb
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 24 01:22:46 2008 -0500

    fix typos in CHANGES

commit 0d136ce695ba4b9f9fd6ee4ba102caeb9313a964
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 12 21:51:00 2008 -0500

    remove misspelled man page file

commit 5adf03b2c4cb213104e1392af6e894a074475f2a
Merge: fabb631 15b6dc7
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 10 10:17:33 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 15b6dc7279b5785202c9a3c80b8aecba97febedb
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Dec 10 23:48:56 2008 +1000

    Depending on the order of Main mode and Aggressive mode wildcard
    (roadwarrior) tunnels, an incoming aggressive mode tunnel will match a
    main mode tunnel and then fail. The problem is that openswan searches for
    a wildcard tunnel and isn't specific. If we want an aggressive mode tunnel,
    why not just look for one :-).
    
    This prevents the error:
    
    	... but no (wildcard) connection has been configured ...
    
    when you actually do have one but it found the wrong type.

commit 673a4f3ec6ade3a1417c2f266654f20fdf8099d1
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Dec 10 23:45:05 2008 +1000

    Make sure we only set NEXT_NONE on the last entry that we add.

commit fabb631466defb215f235baa10fb30ecb80db10f
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 9 12:47:29 2008 -0500

    Change a comment.

commit c12be1c02c57712461d71ac8a029b9733ec7abd3
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 9 11:01:02 2008 -0500

    Make a note on needing HAVE_OPENSSL for HAVE_OCF, and setting both to
    false per default.

commit 212e33935d9f6d0fd6283e109f3c63176dd89146
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 9 10:57:42 2008 -0500

    updated changes

commit 34bba40c5f8ebc48080254332962f06541ba56c7
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 8 12:09:43 2008 -0500

    updated changed

commit 7d7218d2534b382ff60851358b48489784c7f958
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Dec 8 22:41:38 2008 +1000

    When we reprocess the next encapsulation we need to go all the way back to
    the decap_init function,  otherwise we do not have the irs->said setup
    correctly and also sa_len and sa are not formatted correctly.
    
    This meant that an ESP+IPCOMP combination would not process correctly.
    
    At the same time,  avoid calls to satot (expensive) unless we have debug
    enabled,  in which case we do not care about performance :-)

commit 07e0b0220630e7fc0f70d9a49047394ae5db1c8b
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Dec 8 22:37:41 2008 +1000

    We already check ipsp is not NULL,  so no need to keep checking it.

commit 03e782b38f5d0260144b7402ed94ef62716ffd67
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Dec 8 22:34:41 2008 +1000

    This small portion of IPCOMP processing from 2.4.X got lost with the
    code restructure.  This doesn't seem like the correct way to do it but it
    gets IPCOMP back running ok.  Without it we fail to send the IPCOMP
    request to our peer even though our policy states it.

commit ae262389fd771c944dbf3534b294387fb887d948
Author: Florian Westphal <fwestphal at astaro.com>
Date:   Mon Dec 8 22:27:13 2008 +1000

    When a compressed packet is received, the kernel panics
    (also see http://bugs.xelerance.com/view.php?id=982 , which appears to
    describe the same issue).
    
    ...
    
    We observe this with 2.4.13, but this appears to be present
    in 2.6.19 as well.
    
    It is due to bogus offset calculations in ipcomp.c:skb_copy_ipcomp().
    "offset" is the difference between two skbs, yet the value is used to
    set the skb protocol header fields.
    
    offset=n->head-skb->head;
    n->nh.raw=skb->nh.raw+offset;
    
    got changed to
    
    offset=n->head-skb->head;
    skb_set_network_header(n, offset);
    
    which will make the network header point to somewhere
    outside the skbs allocated memory area,
    causing the kernel to OOPS on the first receipt of a compressed packet.
    
    This makes things work again for us with 2.4.13 on a Linux 2.6.16-based kernel,
    it would be great if you could double-check this because we don't use all
    the code paths there due to #ifdefs.
    
    Florian Westphal <fwestphal at astaro.com>

commit 090f6496d95ea6d3484d9744c6b1d9338dd6e401
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 4 23:19:07 2008 -0500

    Fix for realsetup status when mastX is used instead of ipsecX. we have
    no eroutes in that case. Patch by Shingo Yamawaki.

commit edd4f3ef8f3465aa6c560424af351292b6edab75
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 4 12:28:09 2008 -0500

    updated changes

commit 1b55ec47321b2dae39681f7dd94dcef7dbac2b05
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 4 12:27:09 2008 -0500

    The code to allow transport mode when the server is behind NAT using a
    port forward, was accidentally taken out from openswan-2.4. This puts
    it back. This is bug #1004

commit c05f77775e2ea628d42c9df979b90aa0422886d0
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 4 11:39:13 2008 -0500

    updated changes

commit 8f9cba10eabf24224812c11376d3dc27606a965f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 4 11:38:09 2008 -0500

    Fix dependency in make file for ipsec.conf.5. Fix by Tuomo

commit f1fc6f92e0dd8c673242c24609662863369c3365
Merge: 370e5f8 f0f64de
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 3 13:22:30 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 370e5f8484c6f87d35d2c18a6822e431eee080b5
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 3 13:22:16 2008 -0500

    updated changes

commit ffd969e763b461e1e664ec3a775336856b67c286
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 3 12:49:20 2008 -0500

    documentation had default value wrong in force_keepalive

commit ba4362bbc6d2c86977b548f1e00d134713737cdf
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 3 12:33:47 2008 -0500

    Fix for ipsec whack --listevents by Shingo Yamawaki

commit b7d93e57985c4a82023d36f36b92063544d57b69
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Dec 3 12:31:20 2008 -0500

    It is keep_alive, not keepalive as keyword. Patch by Shingo Yamawaki

commit f0f64dea7e529180fb9ee33d59f68da77fd41b85
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Dec 3 16:25:36 2008 +1000

    Fix the compile warnings for 3des as well.

commit 1ba33fc7d6670dcb935da68e0db6db9e74a4b651
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Dec 3 16:21:08 2008 +1000

    Fix some compile warnings when using the openswan builtin AES.

commit a522ec49da8625468637765a2054afb57f062027
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Dec 3 16:13:36 2008 +1000

    Bring in the current OCF cryptodev.h for building OCF support on systems
    without OCF appropriately installed.

commit 194a934a92d7520f4e9cf1fd632f6dd7c856309c
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Dec 3 15:09:16 2008 +1000

    Complete rework/cleanup the openswan crypto offload so that all our
    previously offloaded crypto is now done via liboswcrypto and not some half
    baked hack in the pluto directory :-)
    
    This also makes compiling without OCF enabled possible.
    
    Currently AES, DES, 3DES, mod_exp and mod_exp_crt are implemented.  From
    here it should be easier to move more into the crypto helpers and add
    other algs like MD5/SHA and so on.
    
    One goal is to be able to have less crypto algs implemented system wide as
    this makes trying for FIPS compliance easier.  Adding say an openssl
    implementation of all algs is also an option.

commit d4f12387787b10cb70bd35b298d378d416a1c303
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 2 17:24:46 2008 -0500

    virtual_private should be within #ifdef NAT_TRAVERSAL

commit 04e820447eb962fee3f5f6bdc32e03f376598668
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 2 12:56:47 2008 -0500

    updated changes

commit 368815bed4809d054443e81e403d8f07f3767767
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 2 12:56:00 2008 -0500

    updated man pages to include disable_port_floating=, force_keepalive=
    and keep_alive=

commit 5c8d2d3a838168ed5c34316157b570261a6a36b0
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 2 12:54:17 2008 -0500

    The options force_keepalive= and keep_alive= were not ported from openswan
    2.4 to the new openswan 2.6 parser.
    
    Whack would not compile without NAT_TRAVERSAL due to its use of
    KBF_FORCEENCAP without an #ifdef

commit 0e52c9cd349a2e3a7dcd232a3024447cd8ee6f54
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Dec 2 14:23:20 2008 +1000

    More compile warning fixes (ioctl)

commit 3737ca095fe0b9f63e30f6c0b636edcf44897401
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Dec 2 13:48:56 2008 +1000

    Fix a few compile warnings

commit cf979cafb7292be46e058320881d199f6f24e049
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Dec 2 13:11:31 2008 +1000

    We pass the actual (in esphdr) IV to the crypto functions on transmit and
    we need it not to be overwritten when done.  Since the CBC functions give
    us the new IV (writing over the old one) we need to work on a copy.
    
    This was stopping TX working when using the in kernel cryptoapi algs (bad
    packets coming out of the tunnel at the other end).

commit f5f0891faeadfb2c25a0d04595a9d311ae86ecb3
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Nov 29 13:32:25 2008 -0500

    updated CREDITS

commit 64aae1d4c9a190f39f25402c5e8dba21de51b8bb
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Fri Nov 28 13:52:53 2008 +1000

    Fix up some compile time warnings and errors with various combos of
    OCF/ALG on/off.

commit fe55804ffe9c1ad70afda977b95d184efe93ad6a
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 27 19:10:58 2008 -0500

    Allow BITS_PER_BYTE to come in via <nspr4/prcpucfg.h> with USE_NSS.
    Everyone sets it to 8 anyway :P

commit 9961f350edaa7533cb97658e3d3274677d20c0ad
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Nov 26 22:58:17 2008 -0500

    Try and add some logging to "Informational Exchange is for an unknown
    (expired?) SA" message.

commit 0375434d58f1fd3badcfabd7edef6cd7d5c8d2a6
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Nov 26 22:57:45 2008 -0500

    Revert one change of osw_abort() in the ISC lib. I did not fix it by
    adding oswlog.h, because it seems we might be using the isc lib files
    unmodified.

commit dcd40efe3777479ade73b1b299b3429cabe63ba6
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Nov 26 16:16:23 2008 -0500

    updated changes

commit cced86143c72144ed8e60c4c90da9ea0b85f5d6a
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Nov 26 16:15:41 2008 -0500

    David's fixes for ipsec_kversion. The RHEL/SLE defines were causing
    wrong settings on kernels > 2.6.22 not in those distros, such as
    openwrt's build system.

commit 2bbb618be436e57fb9bcb1c4ea363cca4abf0a92
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Nov 26 03:06:21 2008 -0500

    updated changes

commit 2e0c3a81c6c040e23d3c936e0e686fb394c680f8
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Nov 26 03:04:17 2008 -0500

    Added man page entry for new metric= option

commit 838d6db244abdc24a7d83c0f034984170681a9f8
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Nov 26 02:43:13 2008 -0500

    readme on uml stuff

commit d7c72bb8b69db1263b3873ba446d913dd8220e65
Merge: 9629cb9 8f941da
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Nov 26 02:42:58 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 9629cb986d1caa3e0b30b2bf0d4b2d85028a80d9
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Nov 26 02:42:47 2008 -0500

    include "virtual.h" for show_virtual_private()

commit 8f941dad97863ade4a8b2bb9bfe8f7fd3bae6559
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Nov 26 16:03:04 2008 +1000

    Fix up klips so that we can unload it cleanly at runtime.
    This allows you to switch from klips to netkey and back.

commit b48a96fc5e63e9631d8740c48657a34d2d485e61
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Nov 26 15:53:38 2008 +1000

    A spelling mistake ;-)

commit 5c081e4da24a19ca0c181069c6f3c5a165844d44
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Nov 26 15:52:49 2008 +1000

    Specifying plutodebug = "all" would turn on "crypto" debug,  but pluto does
    not handle a --debug-crypto option,  only --debug-crypt.

commit 123f7a32699dd3838d296083610418d84b9064ef
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Nov 26 15:28:46 2008 +1000

    Whenever a pending (async) crypto request returns but has been disassociated
    from its state,  clean up and forget it,  it is no longer needed and we do
    not have the information to proceed,  and doing so causes us to crash.
    
    Flag disconnected crypto requests with a LOG entry to help spot them.

commit 4a9339bfdcdb82113775cbce7f4ee472e11adf17
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Nov 26 15:20:48 2008 +1000

    Add an option to set the metric on ipsec installed routes.
    
    This makes it possible to do host failover from another interface to
    ipsec using route management.

commit 021c768f365e48e49f1ac8be87b4c78ab96350d4
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Nov 26 15:14:38 2008 +1000

    Convert pluto over to its own more verbose abort code.  Makes finding
    application aborts a little easier on embedded systems.

commit 3228d9346e3335b41f5dc6f4875aa921b06bb5c8
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 25 11:38:23 2008 -0500

    short readme on how to use UML VM

commit e938a29520d972e2168ff69069cba94a46f23311
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 24 22:19:01 2008 -0500

    updates changes

commit ae509f4ba86a5a53ee5999f5e12c5c75f1d93fc7
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 24 22:17:09 2008 -0500

    Fixed an sprintf that was actually an snprintf in init_crypto_helper()
    Patch by Owen Jacobson.

commit 85464062459c2cbf6bd48b543cd4609dd6cfa3c5
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 24 22:15:37 2008 -0500

    Add support for USE_NSS (default false). The GNU NSS is a certified
    crypto library, so it is desirable to use it instead of custom calls
    for some people.  Patch by Avesh Agarwal

commit d61a8d4a5b5d0fe6aac5db185362ce66720957fd
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 24 21:48:20 2008 -0500

    Change the broken DPD cookie "error" into a "warning", since we no longer
    abort if we detect it, but allow it.

commit c283cbb5e968a0a5b1ae872fc6ee8f16bcdf0988
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 24 20:21:28 2008 -0500

    updated changes

commit 1d031c1374f9d5e6b0092423eaeda86b767ba30e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 24 19:03:28 2008 -0500

    Fix prototype to use void

commit 74327d434802d9aa0eb679e45c5661b977481703
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 24 18:20:41 2008 -0500

    updated changes

commit 84e69b7c71c25c958f91576010d29bb692d4bf1c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 24 18:18:47 2008 -0500

    Work around for the too common "%4:" bug (instead of "%v4:") in the
    virtual_private entry. We shipped with such a bad example at some point,
    and people keep running into it. This logs a warning and continues
    processing the entries.
    This also fixes a bug where ipsec auto --status would segfault if the
    virtual_private= line contained cruft that was unparsable.

commit e8dfd6027def90cacfaba2029af432061a2df94a
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Nov 23 20:22:54 2008 -0500

    Added void show_virtual_private() that shows our read-in list of subnets
    for virtual_private= and added a call to it for 'ipsec auto --status'.
    This is to help debug #1003

commit d5d72983612e8f6be4ee33e0d93f2e9187458b98
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Nov 22 02:55:55 2008 -0600

    Removed an old bug entry

commit af6d9a8fc06f048a154ae0549b5c9935e7ab27aa
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Nov 22 02:41:19 2008 -0600

    removed unused Makefile.inc option IPSEC_FIREWALLTYPE

commit 88640e095f84af57def744d7ee2fe7995370d337
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Nov 22 00:35:49 2008 -0600

    updated changes

commit 2aa6c30c26ec5b6a5d0ec7eaf3a3c74c86249d75
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Nov 22 00:15:34 2008 -0600

    Fix for L2TP/IPsec with Windows machines having their packets
    discarded by accident. See comments in code for details, or see:
    http://lists.openswan.org/pipermail/dev/2008-November/001971.html
    
    Patch by Hiren Joshi

commit 63a61d032893e2e179a1df50409c4b97c6455714
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Nov 22 00:03:02 2008 -0600

    Fixes to interop with SoftRemote/aggressive mode [David McCullough]

commit f26f36748a5e292d6f3bca65baf68e5c5656d7e8
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 21 23:55:35 2008 -0600

    Fix a warning in uml_netjig

commit 10552dcbb42d96fa8e33a10d4bd96a96a0dd1e6b
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 21 23:53:07 2008 -0600

    add comment on strange module order found experimentally

commit 4661d345b676d5412a52b6d1289568fc4ab31eac
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 21 23:52:38 2008 -0600

    Skip installing livetest

commit 5086d888ea3196de4153663c244729c07a717fc1
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 20 15:39:09 2008 -0600

    Added two rfc's on anonsec

commit bcb8c89b0be6d11f0fa5b9fbd5f0e6cf88397664
Author: root <root at thinkpad.xelerance.com>
Date:   Thu Nov 20 10:09:01 2008 -0600

    remove unused status() function, it is called directly

commit 44089225e89c46544c401332df8fd3b9a3baf673
Author: root <root at thinkpad.xelerance.com>
Date:   Thu Nov 20 09:52:14 2008 -0600

    define ip_hdr() on SLES 10.2 and up [Shingo Yamawaki]

commit 52636b773d598bf151fe4631b21f567f2231efb3
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Nov 15 00:35:15 2008 -0500

    update changes

commit f029870a2f83558cbd176c59b796acdca7d42145
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Nov 15 00:32:48 2008 -0500

    Fixes to the init script by Avesh Agarwal and Tuomo Soini

commit 96b1640242e15a2e4d159a3f97891dcf57e2c38b
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 14 23:34:03 2008 -0500

    More cleanup and regeneration of man pages.

commit 460163484d37adb1fc110943b86025f5d8489972
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 14 23:08:32 2008 -0500

    Regenerated man pages

commit 91fa86e9ecc76dd04188f5c31fb48fe7f9cb312c
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 14 23:06:39 2008 -0500

    removed obsolete _updown_x509 directory

commit 434eba47a12a757adab31e337e7057070eb25974
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 14 22:53:35 2008 -0500

    removed CVS cruft so xml validates

commit 06e1d8d98a1be51f190b8f0e908c0a58fb386adb
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 14 22:51:47 2008 -0500

    removed unimplemented placeholder for simpleca

commit 100a4db8fa0f65cc1c6fa7a3a25908954e6da2af
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 14 22:45:56 2008 -0500

    Fixed xml file so xmlto will generate man page

commit 2bffec8d95db35d6f8c02d7784c3e31ea446aa38
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 14 22:31:44 2008 -0500

    fixed man volume from 1 to 8 so xmlto will generate the right filename

commit 62574f8558ad23da80cf82c628dfdd991bc854ea
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 14 22:24:06 2008 -0500

    Add generating .3 files from xml to makefile.

commit 37d4260f9ca22b993cee715f43b043cd78c3c572
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 14 22:12:07 2008 -0500

    regenerated barf manpage

commit c642c35fc63f578af97e431eb82c1c3c5a2d1150
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 14 22:11:28 2008 -0500

    regenerated auto man page

commit bc51043bb513b833c18111c27b446de4fec420ef
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 14 22:10:19 2008 -0500

    regenerated addcon man page

commit 2976ffee85976d9deaf0a0fab556131beadc8304
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 14 22:08:59 2008 -0500

    added regenerated spi man pages

commit f1544c77dfff56c243589c15d763851df21c12be
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 14 22:08:37 2008 -0500

    Removed obsolete fswcert directory

commit 9768ebe9b40ff52a9c047bc46a078f14864de07e
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 14 22:02:29 2008 -0500

    remove target for ancient index.html

commit d4021cb41b9ca6053f6eefc537685d0356278fae
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 14 18:42:18 2008 -0500

    running xmlto in Makefile causes the make to error, perhaps due to
    warnings/errors in the xml file. Running it by hand works though. So for
    now, I've updated the man pages by manually running 'xmlto man' on their
    xml files and committing the results.

commit 4f2fc9777370ecd6389567166e57c8b73bbf8c63
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 14 18:21:35 2008 -0500

    Remove entire duplicate entry of pluto.8 man page within the .xml file.
    It now generates the new (ipsec_)pluto.8 properly. pluto.8 that was in
    the repository was outdated.

commit f7854e509d4e5b25c383f35928c22f66244befb8
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 14 16:31:03 2008 -0500

    Add xmlto requires to suse spec file

commit 971069639f6b9352e296d6192460cb1a332c3eaa
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 13 01:43:59 2008 -0500

    klips did not load any cryptomodules, since originally it did all its
    crypto itself. But with OCF, it might need some modules loaded too, such
    as the padlock module. ( ocf modules should probably be loaded somewhere
    too - same for netkey)

commit fc6fd6b1a210710bce60c2d71b5bf1022de9dcf2
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 13 01:41:57 2008 -0500

    modprobe padlock-sha and padlock-aes. also keep in the old modprobe for
    padlock for older kernels.

commit c3d319af0bdee138b23d4598858fff77b0831996
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 13 01:21:06 2008 -0500

    defaults for freebsd/netbsd from openswan-3.x.x.

commit b13d01d8407cc853e97942540f1d0fc8d6ad2d55
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 13 00:08:44 2008 -0500

    Remove duplicate code between ipsec_kern24.h and ipsec_kversion.h

commit 783e6edfea31e9d70d2037afaf67da8cc98b4c0a
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 13 00:04:41 2008 -0500

    Fix bogus warning about enumstr possibly being used uninitialised.

commit 4b888af5f2e73f1adf7337c1d2a5c94846ee2ab3
Merge: d8408a2 beac29f
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Nov 12 22:12:01 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit beac29fdac3a9341a9bbb764ea5b4d4ff8c46ff0
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Nov 8 12:48:20 2008 -0500

    Add xmlto to the buildrequires

commit 0671bcd8539e957cae5dffaa3fd47f7315d1472f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 6 12:53:19 2008 -0500

    update changes

commit 501fb30403c35d2d1f062a842660f6fead3841eb
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 6 12:52:34 2008 -0500

    Fix for setting up connections using two different source IP's to the
    same single destination IP using separate tunnels. Patch by Avesh Agarwal

commit 2513bed757598e43c3d7368c5d18043d167a613a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 4 17:09:13 2008 -0500

    updated changes

commit cf699b74bdadf3d05db3c032bbcf9d989d2e34a4
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 4 17:08:22 2008 -0500

    When we fail to load a certificate, but have leftid=%fromcert, we have
    to make sure to set the id to ID_NONE if we failed to load the cert.
    This caused a crash to happen if the leftcert= had a typo in the name,
    and the file was not found.

commit b159167534f4ebf2bea632c12ede9393d8740579
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 4 11:31:35 2008 -0500

    Added two BTNS drafts to doc/

commit 15c1446319a210a7714149427f970b35d5e9355a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 3 10:52:06 2008 -0500

    generated file should not be committed

commit d8408a23451622036146fb01b48dadfd141e7f05
Merge: aa727e0 73134cb
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 28 17:40:43 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit aa727e099784211aa668e639c5c11025743069e3
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 28 17:37:52 2008 -0400

    Don't try to apply the KLIPSNG patch per default in uml testing.

commit 73134cb63671d30c1d0ab62804aeb57b738c69d3
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 27 18:15:31 2008 -0400

    updated changes

commit 2c216287283a31918b793574b67cb06301ab2958
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 27 18:11:44 2008 -0400

    Added cisco-decrypt (from vpnc)

commit edecee111f875f5d7ef64a042156bbe68a27a403
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 27 16:23:26 2008 -0400

    Only log the warning about experimental shunt_eroute's with netlink
    using controlmore, as to not confuse the user too much.

commit cb35226cc619d347a16605a53f8be8793084bf61
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 27 12:43:31 2008 -0400

    updated CHANGES

commit b72fcd223a20ac3f1b2fef9dda5ec1fabb926017
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 27 12:42:15 2008 -0400

    create placeholder file in docs/ for patent information we have.

commit 29bb14036d5c8c400db0ccfa9cd3428177014876
Merge: 8c7d07b b006f8f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 27 12:21:36 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 8c7d07b1619076f426dc2448d4eace309a18fc7c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 27 12:19:43 2008 -0400

    Possible fix for bogus nat-t transition. Newly created ISAKMP SA has
    st->st_clonedfrom = 0. So, subsequently connected ISAKMP SA may have
    the same 0 in st->st_clonedfrom. Patch by Shingo Yamawaki.

commit b006f8f5431126ddf12c63f86bdbd34046adb5cd
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Oct 26 00:22:28 2008 -0400

    Ensure selinux=0 for the uml's, just in case we get unexpected restrictions

commit 0af0e6591a45b67b397b85b9d1c5ffc5a85b2b8d
Merge: 5d4d59a 28fbb5f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 23 17:49:09 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 5d4d59a0f1d0f6eb4dc59e984317952c49a85264
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 23 14:40:07 2008 -0400

    Added example config to fix the "Neighbour table overflow." error.

commit 28fbb5faa91d6af653dc268a39f903dd67eedbdf
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Tue Oct 21 15:01:36 2008 +1000

    Fix the state tracking which was required to know the connection which
    switching to an undefined state (if enabled).
    
    Also improve the information contained in the state tracking (if enabled).

commit 6dcafcb0a15085a7ddd80240b9b18c6576df0351
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 20 21:03:41 2008 -0400

    Fix another cast warning in uml_netjig

commit 91581c8858bcd35b06561e8ededf56c2935ac2c2
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 20 16:04:18 2008 -0400

    updated changes

commit b1b69b687e9e10400b00e7e06932fe4d8d2b1d06
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 20 16:03:04 2008 -0400

    Removed the following keywords from the parser:
    leftfirewall/rightfirewall (linux 2.0)
    spibase, spi,espenckey,espauthkey and espreplay_window (manual keying)

commit bbe8d4d0fa3d84728286e93e0486c89d5c105d7e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 20 15:59:09 2008 -0400

    It's </emphasis> not </I>

commit 1f09907b622b8bac1f362eff07a7bbaed96dc0eb
Merge: 4832cef 8039fba
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 17 15:50:46 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 4832cef18877a0f90dabf0cd8ef0e154822fed21
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 17 15:50:22 2008 -0400

    fix another man page

commit 8039fba042e3ec9f334ba1c036bb28bc73feddef
Merge: 784f4a2 d330e76
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 17 15:38:32 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 784f4a224607adcf0c7120d31ae2c7b649be3f0d
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 17 15:38:13 2008 -0400

    merged

commit a27b72dddf1a091da0da20c85976c68a7163b149
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 17 15:37:34 2008 -0400

    Fix warning in uml_switch.c

commit d330e76d15a7dfadf1099e4d480b3d97da2a52b6
Merge: 57070b9 e073996
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 17 10:07:04 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 57070b933eac9a248438d9675a9b221697221b99
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 17 10:06:08 2008 -0400

    Missing para closing tag, minor textual changes to man pages

commit b81ad279256a8a17c59f2139b0c4e5eb68f4d2e9
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 17 10:05:39 2008 -0400

    removed generated file

commit d004f890745975ceb3b7e8ea7d1c0023004f028e
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 17 10:05:00 2008 -0400

    Default to use modprobe -q again in Makefile.inc

commit 1b2236478480c354e5f282acaa8528c4fa211941
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 16 16:22:39 2008 -0400

    added possible options to man page

commit 24adf83a0802bb3717b24ea637839b2d96308859
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 16 16:20:52 2008 -0400

    slight rewrite of plutorestartoncrash= man page entry.

commit e073996cba50bfd376bc99e308d9b249a3672676
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 15 11:20:53 2008 -0400

    update CHANGES

commit 3e0664c59c96d6caa86678db8147800e2cf05970
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 15 11:19:25 2008 -0400

    Move the option to modprobe to the MODPROBE?= line in Makefile.inc,
    because insmod does not support the modprobe "-q" option.

commit 455edfd633abc2ba247bb4c0e7c3f8fd4a336e34
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 14 16:51:11 2008 -0400

    Added more notes about IPv6 in various man pages.

commit b9ddd515cfcd27c07d675b8a5f741a4fdb902bd9
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 14 16:45:31 2008 -0400

    Added IPv6 example to documentation

commit c55f5ec03ce7e8163a57ed62a810d8b22bbee634
Author: Antony Antony <antony at xelerance.com>
Date:   Sun Oct 12 05:54:52 2008 -0400

    added missing auto eth0 to interface file
    seems in debian 3.0 it was optional. with 4.0, etch, lenny it is required
    otherwise interface will not be brought up during startup.

commit c919de86d74cd1136cc2b2076c39e077b432e657
Author: Antony Antony <antony at xelerance.com>
Date:   Sun Oct 12 05:19:49 2008 -0400

    added BLOCK device to netkey and plain config.
    in 2.6.26 CONFIG_BLK_DEV is not default. Up to 2.6.16 it was.

commit c4460f4a8f85e16eee4a4498fc1142ad5d4c0919
Author: Antony Antony <antony at xelerance.com>
Date:   Sun Oct 12 05:05:19 2008 -0400

    set linuxrc-uml-x86_64.sh executable

commit 7da8dcd34fb52b37f5d248e8c9608b340492e657
Author: Antony Antony <antony at xelerance.com>
Date:   Sun Oct 12 02:55:23 2008 +0200

    use allnoconfig instead of cp .config make oldconfig
    add swap to uml

commit 413976a2883e90810894a31f48b2a04cdd2091bf
Author: Antony Antony <antony at xelerance.com>
Date:   Sat Oct 11 20:06:25 2008 -0400

    uml works with intel 64bit machine
    	new file:   testing/utils/initrd-x86_64.list
    	new file:   testing/utils/linuxrc-uml-x86_64.sh
    	modified:   testing/utils/make-uml.sh
    	modified:   testing/utils/uml-functions.sh

commit 15e3c510c513b10371a9632aabce2ae5e1ccfcf5
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Oct 11 01:24:18 2008 -0400

    Work around for bug #994, where we seem to be trying to reference the
    state st while we don't have it, to log a warning.

commit 8210ef44c9ed89b1562d668c29d5f2bc59690d57
Merge: 167aecf b9be5fd
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 10 23:58:07 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit b9be5fd1f767896ce1b71db7c0aadfad7c1d0eb9
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 10 21:02:40 2008 -0400

    Missing #ifdef CONFIG_KLIPS_AH on openswan_inet_del_protocol

commit 25c2015d922c51100c69874568c96ab46b835fb5
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 10 15:24:53 2008 -0400

    Remove notice about it being a developer release

commit 8ee8ccb0567bbeb48ab5d4249b1bdb1e360af577
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 9 19:19:53 2008 -0400

    Some updates from fedora merged into spec file.

commit 167aecfc9914b85300cf70d1c35b76cf283389a1
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 8 04:42:21 2008 -0400

    64bit fixes for umltesting - patch by Antony

commit d354eb459091e3a5f659842f9ce33d1af09369dc
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 7 21:41:03 2008 -0400

    file bugfix under bugtracker#

commit 8cf1963bb6f92556d6d3ed21020897b06b962d07
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Oct 7 17:36:01 2008 -0400

    Set default of SA_REPLACEMENT_RETRIES_DEFAULT to 0.
    
    This is what all versions prior to 2.6.X have as default, and what
    the docs indicate are the default too.  In previous major versions,
    it was done by programs/auto, but now confread sets the defaults,
    so we need to change the constant.
    
    Fixes bug #992

commit f0485d58a963bb7d0cae101d55bc2b00d5ddfd4a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 7 11:34:32 2008 -0400

    Remove obsolete variable X509_VERSION

commit 0112f5a11ca9da1b8f1e20a644615e91e1f6436c
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 7 11:23:16 2008 -0400

    enable all wins/dns options as specified in man pages

commit f4fcbd098080715c76c8217e2ecf3280959f32fc
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 6 15:01:15 2008 -0400

    updated changes

commit b30fc4715b11ca2e4031a46eebd8899691d9cf78
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 6 15:00:47 2008 -0400

    Fix for pluto not starting with plutodebug=all. This also adds the
    --debug-netkey flag (which sets DBG_NETKEY which is an alias for DBG_KLIPS
    right now)

commit 807a5338801cbc022abf343ecb863dd89c82f170
Merge: 33937cc 3e979bb
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 6 14:31:37 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 33937cca7b2505926c691eef31bd8f00c105a5d4
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 6 14:29:16 2008 -0400

    fix for ERROR: Module xfrm6_tunnel is in use by ipcomp6

commit 95d56abf2bff75a7da89926eaf4174287f6438f7
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 6 14:28:38 2008 -0400

    Put ipcomp{6} to the front of the netkey module list for loading/unloading
    to avoid the error ERROR: Module xfrm6_tunnel is in use by ipcomp6

commit 3e979bb3ac6c3072f1f3d796fd3e0218bfd9faa1
Merge: fdb6d2f 5022f6e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 6 13:15:31 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 5022f6e6592da37ecc0d08aca55f8302d22576d9
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 6 00:04:39 2008 -0400

    updated changes

commit 2a1c3af500a119dc61b70c787cb8efbd332cbfe8
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 6 00:03:31 2008 -0400

    During the SAref addition, pfkey_msg_build and pfkey_x_delflow_parse were
    changed causing a slightly different flow. Most seriously, it tried to
    fill in addresses for pfkey messages without one, such as the x_delflow
    message that happens on startup when 'ipsec eroute --clear' is called.
    
    This caused the dreaded ipsec_setup: Unknown socket write error 96.

commit cb83060f935fa12199bc5301271ec2ec26f481fb
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 3 14:06:42 2008 -0400

    Revert "In commit 4312c8f6, K_SADB_X_UNPLUMBIF=19 was added but K_SADB_MAX= was"
    
    This reverts commit 6f86c8dccf0bdeda7603286f0521280e55b48364.

commit 6f86c8dccf0bdeda7603286f0521280e55b48364
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 3 11:44:04 2008 -0400

    In commit 4312c8f6, K_SADB_X_UNPLUMBIF=19 was added but K_SADB_MAX= was
    not increased, basically making K_SADB_X_UNPLUMBIF unavailable.

commit 531deacde19ae161b99fe4a1c7553851cc16413f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 2 15:58:35 2008 -0400

    that's parser.tab.c not parser.c

commit 6be3a2a128f0187999d043a44acd4e45c37fd018
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 2 14:38:45 2008 -0400

    updated changes

commit c37f925a295232dcd747c7328d1d0922d7e37a63
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 2 14:38:00 2008 -0400

    Add missing dependency on parser.c for parser.o that caused occasional
    problems on parallel builds (eg those done via rpmbuild on Fedora)

commit eb548897ee88d7670b0d7a7a33c9c57998cc1409
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 1 18:49:19 2008 -0400

    updated changes

commit 92dc5d399f7bb2cfd278cf5dfe5a963c9e4b1119
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 1 18:44:17 2008 -0400

    #984:  Wrong ipsec_dev_get(x) function for Kernels < 2.6.24
    little mistake produces the following problem:
    
    1. start a ppp connection
    2. attach an ipsecX interface to the pppX interface (ipsec tncfg ...)
    3. stop the ppp connection
    
    -> The ppp Interface is blocked and the Kernel-Log shows this:
    
    kernel: unregister_netdevice: waiting for ppp2 to become free. Usage count
    = -1
    
    Patch by Martin Schiller

commit fbba6465213f70351826cdedfbae5616893b124d
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 1 18:39:22 2008 -0400

    #989: Patch for fixing type-punned compiler warnings. Patch by Alin Nastac

commit cec260afb814524755fcaf022965d84f4e08ad2d
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 1 18:02:55 2008 -0400

    remove duplicate zero'ing of peer_ca

commit fff40a6dc167e3cec648c6c8bab72c1d469a91e7
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 1 17:52:55 2008 -0400

    Seems that some code in refine_host_connection() was just commented out
    because it was thought to be unnecessary. That was wrong. It is the
    bug that caused connections not to be found (with the work around of
    adding the rightca="%any" to the conn)

commit 5b09048169693dd9e642a82b60f0d8411d781193
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 1 17:51:42 2008 -0400

    Added netscreen entry

commit 55ff9a1edcb8ee69587653bbfe3bf3944762a827
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 1 16:44:06 2008 -0400

    Added seam for list_crl_fetch_requests() for when compiling with CRL
    fetching enabled.

commit fdb6d2fe054f52f962f651a17f089169dcc41d85
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 26 16:58:35 2008 -0400

    Add "aes_generic" to the list of crypto modules to modprobe for, since
    sometimes that module exists instead of "aes".

commit 3e6719dc8757c55d09c75e2f1f9475a4ea450eff
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 19 19:02:37 2008 -0400

    textual change

commit 05f26dabb249a80e1252be763cd1cb2f08e2147e
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 19 19:00:33 2008 -0400

    properly indent file

commit 1b6051a179b2d29c3f53e72fb8ab2ed46229ebe8
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 19 18:58:50 2008 -0400

    Added note on using left/right when NAT is involved.

commit 3d1f7f11bd6fd22f7c60bf4dcff152126ea23fd8
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 19 13:50:56 2008 -0400

    updated changes

commit e3ba2b1613b3a46e019d149c68ff3784d06e3d05
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Fri Sep 19 23:05:19 2008 +1000

    With a small update to OCF this change allows sessions to migrate
    to another driver when the OCF driver they are using is removed.
    
    Patch from Brad Vrabete.

commit e044798e6d0deb2aacd05c1de7a08e1d268ab3b6
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Fri Sep 19 22:58:17 2008 +1000

    Add usage for modecfg options
    
    Make sure that MODECFG_DNSWINS protects all the modecfg DNS and WINS
    options.

commit 1583c01c55c80fc957fbaf52018b9d14e6983962
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Sep 17 10:32:36 2008 +1000

    Here's the verbose description since I think this can be cleaned up,
    I am just not prepared to do it right now.
    
    The previous %any fix created a problem with default ipsec.secret entries,
    that is the ones with no peers specified:
    
    	: PSK "..."
    
    It used to work because two ID_NONE's are added to secret entries with no ID's.
    Because same_id always matches ID_NONE, we ended up with a
    match_him|match_me answer.  Which IMO is wrong since it can trump a true
    match of him/me.
    
    As any_id now also matches ID_NONE, the %any change meant we ended up with a
    "match_any" result that was not handled at all.
    
    The solution for now, add in a "match_any" case, which is mostly good
    as it allows specific matches to be chosen in preference, and it also means
    that slightly better matches (match_him|match_any) will also be chosen
    above the complete wildcard match.

commit f351df9addabde2526a7e1bce759056444f6aaf1
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 16 00:35:11 2008 -0400

    updated changes

commit c37d8d9162743b8930ab94fbfc3e7a1df6a4c111
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 16 00:32:51 2008 -0400

    RHEL/Centos 2.6.18 kernel have some code backported from 2.6.22. This
    caused KLIPS to fail to compile on their trees. [dhr/paul]

commit 4128b1876fab8f9b69032eecb41d6943a4c36be2
Merge: 2d49f75 3d5aab4
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Sep 15 23:17:14 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 2d49f755e7592a11d920a4e2ae080974f1a6ed1b
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Sep 15 23:15:29 2008 -0400

    fixed another merge anomaly

commit af54af36187b9c05beb6a3c882575f0ab25bebb0
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Sep 15 23:12:36 2008 -0400

    missing ";"

commit b774ee2c45dbb818bfce6f35bf0fc19448c41ac3
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Sep 15 23:03:44 2008 -0400

    Removed bogus "+" symbol left from diff.

commit 3d5aab4a295970d1501610bc73d5495f8face59e
Merge: b8238db 59a6292
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Sep 15 14:42:15 2008 +1000

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit b8238dbba672f2cbde466efa83f7640440235d16
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Sep 15 14:36:55 2008 +1000

    When nhelpers=0 send_crypto_helper_request was freeing "r", but "r" is
    usually passed in as the address of a variable on the stack, so this is
    definitely wrong.  Not sure about the pfree(cn) either, but it seems to be
    hanging together ok.
    
    Also fix the "ps" names of the crypto helper programs (at least on ARM) which
    were getting overwritten by the zeroing of additional args later.

commit 59a62924a8c5e2992f83fe2fa029010e423e46ce
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Sep 15 14:36:55 2008 +1000

    When nhelpers=0 send_crypto_helper_request was freeing "r", but "r" is
    usually passed in as the address of a variable on the stack, so this is
    definitely wrong.  Not sure about the pfree(cn) either, but it seems to be
    hanging together ok.

commit 703f9c1efc32e570e53f5b79087dfaa25fd1aa8f
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Mon Sep 15 14:34:53 2008 +1000

    When running with nhelpers=0 it seems things are completed in a different
    order.
    
    Not sure the logic of some of the release_md calls is correct, but this
    check is harmless and fixes a crash due to release_md being called with a NULL
    pointer due to a previous completion.

commit 54d30222499d239e730be2797962265c033d0f94
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Sep 10 00:52:06 2008 -0400

    docs on using lucent client

commit cb808c0f97a5eb668aa8cc5d0969f18c6409c77e
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Sep 10 00:41:56 2008 -0400

    added info on Lucent vendorids

commit 92f2c7db52482851e55625a38e20b4fe12648cca
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Sep 9 14:34:48 2008 -0400

    Added unknown lucent vendorid.

commit 20c05e188f73c2cacf3857c034aa72114c464307
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 5 22:29:22 2008 -0400

    Added OCFv1 docs.

commit bbe75dec778242bdafc05031f5987feccc8e4d53
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 5 22:27:51 2008 -0400

    Added OCF2 documentation/presentation

commit 4e8d3a775b929894c3b43524c7a28bba830777d9
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 5 22:20:58 2008 -0400

    Added svg/pngs of OCF openswan-3.0.x design

commit d54d8f36b5f1caaea7de6f640f2d99778e8a4620
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 5 22:04:13 2008 -0400

    updated CHANGES (lost commits from the #macosx tree)

commit d2dd21c9cab837d6af9aae417c8f4c732d47040a
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 5 21:51:41 2008 -0400

    change to LEAK_DETECTIVE code by Ilia Sotnikov:
    
    LEAK_DETECTIVE functionality in Openswan will not help too
    much in this situation because it reports leaks only at exit
    when some memory could leak from a main mode to next one and
    freed at exit before report_leaks() called.
    
    (ed5e1a9352e1e08b331688982fa45e93a787ad4c)

commit 848168b68b279fcf4d9ff06082d01ed099686d0c
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 5 21:38:04 2008 -0400

commit bc4557f38a95b86eb894ac2951d23d065a1f3cbe
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 5 21:37:38 2008 -0400

    mpz* memory leak fixes by Ilia Sotnikov
    (274f090143dac807c25b82911c42b15921e7e4ed)

commit 8d07ab02b883be7c23ab129233d27876091fa711
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 5 21:29:20 2008 -0400

    changed comments about AH and ESP to make more sense.
    (6edb764c253f3ee658a997c48b3b6331c845c02e)

commit 4ee4f7c73ce7d05c2db59c403d772b6c2ba39b83
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 5 21:25:39 2008 -0400

    mpz* memory leak fixes by Ilia Sotnikov
    (274f090143dac807c25b82911c42b15921e7e4ed)

commit 67bfbbb4526b884e3793fbe18f4084fce68a6568
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 5 21:22:06 2008 -0400

    Commented external perform_dh(), as it does not seem to exist anymore.
    Left a comment of a suspected memory leak found by Ilia Sotnikov, in
    2.4.x, but probably still relevant. This is on not freeing a struct
    dh_continuation dh.

commit bc6ebb7e1dd371a40ced401f626300009ee70c5f
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Sep 5 21:02:57 2008 -0400

    Free st->st_sec as well as st->st_sec_chunk, patch by Ilia Sotnikov
    (commit f4b36e2b3f3df00080f5c0e8ca84e7b893c45b46)

commit c12a943e9cabb9231fc0ee87e95a40cadf3ba8cb
Merge: 704b8a9 5edf535
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Sep 4 13:28:35 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 704b8a9d97e2da89fe582e783e5ee3deb6d5d1c3
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Sep 3 17:26:47 2008 -0400

    updated changes

commit 5edf53593dc71c16933329ed59a399936b763402
Merge: 3b9215d 377e891
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Sep 3 20:54:00 2008 +1000

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 3b9215d895a450dcca52d82bb817b3c1e37ab66a
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Sep 3 20:51:01 2008 +1000

    Fix up the names so that logging/status for DPD restart_by_peer displays
    the correct value and not "(null)".

commit 377e891ccf7d11386e79c78c79f1994d5aedd4b3
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Sep 3 00:20:55 2008 -0400

    updated ipsec.secrets man page with new %any examples.

commit 621ef09ac31092a20772a7ea8d29bd2dc947d8ed
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Sep 3 00:15:42 2008 -0400

    updated changes

commit c34c435e8a7a81e735bafcb441f07ab2b1dc029f
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Wed Sep 3 12:07:33 2008 +1000

    Pluto was not matching secrets with one ip address and %any defined.
    This change allows matching of secrets using %any, for example:
    
    	%any <peer-ip>: ....
    	<my-ip> %any:   ....

commit b8fe9208f34304b9ce039d590c9de8e9d9b423b0
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Aug 30 15:04:52 2008 -0400

    updated changes

commit 32856766d65c1f31323d7f7a66661f9d5c277577
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Aug 30 15:04:23 2008 -0400

    two debian packaging fixes by ruben (bug #979)

commit a9b2278da7d256a63fdbcf50fcbc5121e0d071f9
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 29 14:53:56 2008 -0400

    updated changes

commit 648dd789e300fc68b086efc611a0734c5502cd99
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Fri Aug 29 09:12:45 2008 +1000

    Fix up the refcounts on SA's.  There were numerous places and ways we were
    getting this wrong.  This keeps the refcount consistent while SA's are in
    use.  Needs some more testing over longer periods to ensure that there are
    no problems when rekeying etc.
    
    Switch all .*kfree_skb calls to ipsec_kfree_skb for consistency.

commit ef555066dadad2916a324b6062a8fb53b1c8f261
Author: David McCullough <david_mccullough at securecomputing.com>
Date:   Fri Aug 29 09:10:48 2008 +1000

    Fix memory leak when we run out of descriptors,  also update the stats to
    show the dropped packets.
    
    Switch all .*kfree_skb calls to ipsec_kfree_skb for consistency.

commit 019fb8dfb39980515c31ec96868aace542e3bcd3
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 28 14:09:59 2008 -0400

    updated changes

commit 2fa448fd4814af9dc06f96b11fdb90ff62e5994e
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 28 13:08:31 2008 -0400

    Documented xauthusername= and using XAUTH in ipsec.secrets

commit 6579ebfd53e3b568462e69d569e57ec90dc43f1e
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 28 12:39:47 2008 -0400

    Changed last occurrence of physdev->iflink to physdev->ifindex to allow
    VLAN to work properly.

commit cbdea7b8fb39f8c8badbc5690822df9a9152b98b
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 28 12:32:36 2008 -0400

    Use ixs->physdev->ifindex not ixs->physdev->iflink, so that VLAN's which
    share the same iflink, but not ifindex, work properly. Lost in openswan
    2.4 -> 2.5 transition? Originally found by Tino Keitel and Krisztian KOVACS

commit 8382b1190d65e7324cecf1729228ec81adcd5a9b
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 28 12:27:55 2008 -0400

    Quick fix for debugging in case the device name is not available.
    See: http://lists.openswan.org/pipermail/dev/2007-May/001580.html

commit d9c45df8233541eb0ec0fd001c8359693d30bb3f
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Aug 27 16:05:29 2008 -0400

    Updated CHANGES

commit ea85e72b553f7d3dc5cd0f78f341b314ea627711
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Aug 27 16:04:50 2008 -0400

    'complete_state_transition' calls 'nat_traversal_change_port_lookup'
    only if the state transition requested to send a reply packet.  As in
    aggressive mode, there will be no reply packet in transition from
    STATE_AGGR_R1 to STATE_AGGR_R2, port floating will not happen for p1st
    (phase-1 SA). Patch by hiren joshi.

commit 9be838c6e5b6935548ef10313330f82a29f560bd
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Aug 27 15:53:52 2008 -0400

    Fix in man page. this is #978

commit d44d3f74e33fa50b1a76e039bb0663a387fbd607
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 25 12:22:18 2008 -0400

    Memory leak / refcount fix by Shingo Yamawaki

commit 5c0cf9eb4c5d2ffca224a1eefaeda959a4d6d752
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 25 12:18:16 2008 -0400

    cleanup ixs when we fail to find a refhim= on the skb.

commit f143aa2c6ce9d7c6037bae5d858ae32584f5fd26
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 25 12:07:07 2008 -0400

    updated CHANGES

commit 9ff6603ff312bd4d5b3087e203575059ba701f90
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 25 12:03:57 2008 -0400

    updated changes

commit be451ecadc99600a25854923df884055fc4ff4f8
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 25 12:00:54 2008 -0400

    The rekey= keyword in the parser got flipped, meaning rekey=no became
    rekey=yes and vice versa. Not specifying rekey= was not affected and
    still defaulted to rekey=yes. Patch by Shingo Yamawaki.

commit fc51f431256c1a473574762e6d2af59bcdf6e203
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 25 11:59:53 2008 -0400

    added kernel_overlap_supported() and get_sa_info() to seam_kernel.c

commit 49a5c353be9bbf8c845695ed866df82a268ee366
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Aug 24 00:06:45 2008 -0400

    Removed remaining CONFIG_KLIPS_DEBUG conditionals. Left the Makefile
    and Kconfig parts in for now. 'make check' no longer fails compilation
    in various cases where CONFIG_KLIPS_DEBUG was not set.

commit afbd3875332b4d7e816e18875fea5eae16d397e8
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Aug 24 00:00:13 2008 -0400

    Added TCPDUMP like TCPDUMPFLAGS to functions.sh, as I was seeing errors
    on TCPDUMP evaluating to nothing.

commit b83c74676c184670210d8e5f7f4b9aba4716d071
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Aug 23 23:41:12 2008 -0400

    Only define DB_XF_INIT if not already set (by CONFIG_KLIPS_DEBUG)

commit 3d7f732c3be581da14743fff56c201cafedc2885
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Aug 23 23:14:03 2008 -0400

    Removed another CONFIG_KLIPS_DEBUG

commit aa6acf265fb5262cdd9e9c1fa30ec1bb57cf2f31
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Aug 23 23:12:44 2008 -0400

    Remove another CONFIG_KLIPS_DEBUG

commit c504b41a37129d037d19c2c64cf9bb403b1b8f54
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Aug 23 22:57:10 2008 -0400

    Removed another CONFIG_KLIPS_DEBUG check.

commit 4d77605cdce82d55f332ae276f997980c0ab9d1d
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Aug 23 21:35:32 2008 -0400

    Some debugging values, such as DB_TN_CROUT are used outside
    CONFIG_KLIPS_DEBUG sections. Since CONFIG_KLIPS_DEBUG will be phased
    out anyway (and all code will always have the debug code), I've removed
    the #ifdef CONFIG_KLIPS_DEBUG around these defines.
    This was triggered in modtest-noipcomp-01 but likely also elsewhere.

commit 89ca5e4e59d84bdc866173e1fcb9d5ebaf4cc0f1
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Aug 23 21:28:08 2008 -0400

    clarified warning on using NF_IP_LOCAL_OUT in __KERNEL__ mode, which we're
    apparently not supposed to do, seeing the ifdef __KERNEL__ in the .h file.

commit a8564289060fa532bc140876b582dd3f325a96ab
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Aug 23 18:02:21 2008 -0400

    No longer use the assembly version of des_encrypt (dx86unix.S). It
    is i386-i686 specific, requires framepointers and does not work with
    CONFIG_REGPARM=y, which is the unconditional default for 2.6.17+

commit afabf761e5e4893891ea6509580f2d36e825fe5c
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Aug 23 17:40:54 2008 -0400

    More memory leak fixes - patch by Shingo Yamawaki.

commit d9477949199a3e83e3d629f88d3f7aefaf3b0c5d
Merge: bcd56b1 66bbea4
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 19 15:48:52 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit bcd56b186c408b720fd0a1d78a510a49c36d375d
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 19 15:44:19 2008 -0400

    refcount fixes - patch by Shingo Yamawaki:
    
    "First, 'ipsec_sa_add' has two 'ipsec_sa_add'. I guess the latter one should
    be removed.
    Second, 'pfkey_x_grpsa_parse' manipulates two ipsp (ips1p, ips2p).
    Both are automatic variables, and in the end, ips1p holds reference of
    ips2p.  So, it needs to do 'ipsec_sa_put(ips1p)' to restore the refcount,
    at the end of the scope or the usage."

commit 66bbea477ec66e66f82a932a50ee60b5f65d31df
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 18 20:28:23 2008 -0400

    my efance has no EF_FREE_WIPES

commit da62d4c522c2eba4a15444696e8ab6b0b2e60eb8
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 18 20:27:24 2008 -0400

    Removed exit_tool() since it comes from
    testing/lib/libopenswan/algparse.c

commit 1ffaa1631a7c3e4e0968f851610d1cccb1219197
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 18 20:18:16 2008 -0400

    Re-applied lost commit fdc59e3dda7ca98e41fc5a1c7557b7090724dbf7 which
    refactored show_connection_status() to get show_one_connection() which
    is used in various testcases in testing/lib/libpluto/

commit 2b0cd71a21c1cd4b8b7a167943b5b441da24a7e7
Author: Paul Wouters <paul at thinkpad.(none)>
Date:   Mon Aug 18 20:11:38 2008 -0400

    workaround to only use get_sa_info() on NETKEY. get_sa_info() should
    merge with was_eroute_idle() which is a proper kernel_ops.

commit e7f407d599511b0b4b16e85aa827ca80c7545f38
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 18 12:47:01 2008 -0400

    lingering readme file committed.

commit 3d2b5a9b099188fac70605e5b0fec912db1d387e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 18 12:20:42 2008 -0400

    updated changes

commit c2a5b626edc001dd1ec3cba6d84e5a1aeb677a1d
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 18 12:15:09 2008 -0400

    Added missing arg to openswan_inet_add_protocol() for the !NET_26
    case. [gerg]

commit 14a271139adf1d0daefffad4803ae81261220ef1
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 18 12:14:29 2008 -0400

    The .owner field of the struct net_proto_family and proto_ops only
    appeared in modern 2.6.x kernels. Condition their setting on
    compiling for NET_26. [gerg]

commit 93383bbd94c746ccdd32a483871c1797f60024d3
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 18 12:12:40 2008 -0400

    2.6.14 merge conflict and fix problem with ALG and OCF enabled.
    [Ramon Schönborn <RSchoenborn at gmx.net>]

commit 28561dde31d4e98ef528f0c19b9774e33b97496d
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 18 12:08:46 2008 -0400

    Most parts (but not all) of ipsec_tunnel_ioctl() are only valid when
    compiled with KLIPS support. Also fixed a missing bracket. [gerg/paul]

commit e1b00d8c833d33cda914b84dbb3336bd637fb767
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 18 11:57:11 2008 -0400

    Fixups for compiling against older kernels. Need to include
    moduleparam.h pre 2.6.x kernels, and only include net/xfrm.h if we
    are compiling NET_26. [gerg]

commit aa2c8d535f77b7bdcbd324d7803cc1d9914f8ac1
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 18 11:47:24 2008 -0400

    We need a declaration of "struct flowi" here for older kernels. [gerg]

commit f16fdc6cda09b2ef8c76ba4cb6d7ce2ff1485653
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 18 11:46:05 2008 -0400

    Some newer 2.4.x kernels actually do define module_param (ala 2.6.x
    style).  So conditionally define it locally. [gerg]

commit d2769c9f9fa584d15f9126d893c87dc8ffff08d2
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 18 11:45:02 2008 -0400

    The nf_debug field of "struct skb" only exists if CONFIG_NETFILTER_DEBUG
    is enabled (at least in modern 2.4.x kernels). [gerg]

commit fe75335534564645682464982fd400095a63d563
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 12 21:27:36 2008 -0400

    Fixed klips logging to use proper function name ipsec_xmit_init2
    which is the new name of ipsec_xmit_encap_bundle_2

commit bae4b5398d20b97fb8bd5228f6ddbf253d860ec7
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 12 17:36:45 2008 -0400

    removed 2.0 and 2.2 patch files for af_inet

commit 8a1e635678a82ff834061d9d135a8ebf11855392
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 12 01:22:26 2008 -0400

    updated changes

commit d46610637a152f307e94f11a0a80a11b53c51dd1
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Aug 12 01:19:44 2008 -0400

    updated CHANGES

commit 070c6c2cb13a3df82a73ebe7a37bc0825c7c9769
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Aug 11 23:44:25 2008 -0400

    Move change_state down after we do the cleanup - otherwise delete_*
    fails since the state is Null'd and we don't know who/what/where
    to delete

commit f94b93b00816c3e9025fab713582b9c9d02eff67
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Aug 11 19:06:16 2008 -0400

    Disabled HAVE_STATSD in Makefile.inc for default.

commit 8f88501b432aeb48560746e47846d08d9ddc7e68
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jul 31 10:33:06 2008 -0400

    Only call ipsec_nat_encap() with CONFIG_IPSEC_NAT_TRAVERSAL support.

commit d99999725bb6efab4acacb6542a85cf5d170d489
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jul 23 17:11:18 2008 -0400

    Fix rmmod calls to not use -s (syslog) since busybox rmmod does not support
    that. Also changed rmmod -r (undocumented, prob used to mean recursive)
    to rmmod -a (which is recursive on busybox, and undocumented/ignored on
    regular modutils).

commit 1412035648d9165243f799be49c294bedf7a9210
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jul 15 01:37:39 2008 -0400

    update CHANGES

commit d18306bce468612dd4118ef45f50965913c25e45
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jul 15 01:34:54 2008 -0400

    Commit c75967b03b2c478a612aef4ccb7e5dff6e4bdaf5 introduced an off-by-one
    error when looping twice and skipping deleting phase2's on the second
    pass. For that second pass, pass == 1, and not pass == 2, since pass
    starts at 0.

commit df2aea3f29238f4a0460457db9c0e97999835805
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jul 15 01:28:54 2008 -0400

    Added comment on low priority bug found in ipsec whack --crash only
    supporting IKEv1 peers.

commit 66759f63ec2600e1335d02c2b703bdba81c13985
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jul 9 15:38:02 2008 -0400

    Disable OCF in kernel build per default. Note that CONFIG_KLIPS_OCF should
    not be defined to 0, as that still causes #ifdef CONFIG_KLIPS_OCF to be
    true? The userland builds with OCF support using HAVE_OCF (we currently
    do not build userland properly without it)

commit 26810d696d236be14fadb3ad38bfbd6bf6e796f6
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jul 8 11:41:18 2008 -0400

    Allow x- as well as x_ comment styles [david]

commit 67e107b63d452dd3718ee15d73e25a4944434808
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jul 8 11:39:40 2008 -0400

    Remove some netkey related things from _startklips, fix detection code.

commit 78ba297c69c65d8bd096086cb23cad024f9dcd04
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jul 8 02:52:26 2008 -0400

    Added "oe" as good option to _confread

commit 666c066604cdfb3db856f337b4fbe1a71565f7b9
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jul 8 02:19:08 2008 -0400

    updated changes

commit 522ff2768a48a5434a11ff8a8fb9d4480b7004c2
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jul 8 02:15:54 2008 -0400

    Fix for "sysctl table check failed: /net/ipsec .3.2112 Unknown sysctl
    binary path" error on 2.6.25+ kernels. Note that "2112" is our
    "random" sysctl number. [david]

commit 07bf622a89762bd75ae2664967a92c0fea2048c1
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jul 8 02:08:43 2008 -0400

    rekeyfuzz is percentage, not integer [david]

commit ddc69b7986b92bb74eb5eacf4e0fabd7602871f7
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 7 13:29:53 2008 -0400

    update changes

commit 4fa26c62e36a8fbce70010a758ad41fc7e2f4626
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 7 13:28:53 2008 -0400

    Fix man page

commit addb9065f924ecc1199ce3e5c7d0a79059dcea13
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 7 13:26:22 2008 -0400

    updated example files to explain passthrough, fix %defaultroute and
    add leftid=%fromcert

commit b5a90ffc38a1f97cdffc1283d5c38b78a720c163
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 7 13:19:51 2008 -0400

    Remove a spurious comma.

commit 87aeb16769c33d67c184b81ce0bcff13f71d6d40
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 7 00:36:30 2008 -0400

    another note for openwrt people

commit c37bb1e9da5c0a9112757590847d849b02172384
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jul 7 00:34:36 2008 -0400

    Left some graffiti on the wall for openwrt people to not hack in
    /dev/urandom. Perhaps now they will stop doing so.

commit 59965bc1f64093206ecb626010883c8ec4642724
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jul 6 12:09:41 2008 -0400

    If null_proto_info is to be shared amongst multiple sources make it
    obvious that it is.  Also stops our build from failing with
    -fno-common and fatal linker warnings. [david]

commit d3533ffb3402c4369a873b4b8881ac886229d16c
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jul 6 12:08:39 2008 -0400

    Added missing new files from OCF patch [david]

commit 213679aa5a8d0c0463acaa3900389bfeb2d2ff83
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jul 6 12:06:14 2008 -0400

    xauth makefile fixes

commit 383bfd2d1370795c40092dfd4a9b2d74c2ce8328
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jul 6 12:04:43 2008 -0400

    for uclibc check for __MALLOC_GLIBC_COMPAT__ and MALLOC_GLIBC_COMPAT

commit 0b2fd58206aed36fe018d95382a2a7b09fd74e3b
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jul 6 12:03:14 2008 -0400

    Fix make clean target

commit 8b30879fbdf56b108103c3e4ee33a5f78e5a5b11
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jul 6 12:02:32 2008 -0400

    Fix make clean target in lib/Makefile.library

commit 1b3790b2c42c2106e6a3b66da9b58332bf125c1b
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jul 6 12:01:24 2008 -0400

    remove Makefile.* from .cvsignore

commit c39fed1477251469aaf95c4c39a4ee6e5722a61b
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jul 6 12:00:10 2008 -0400

    lingering .gdbinit files that were not committed

commit c36565b038e70ebdab825a2f2efeb77a6b320ae4
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jul 6 11:58:46 2008 -0400

    New files from david's OCF patch that were mistakenly not included.

commit f801af0109f229533e6d4cb54e7abca9ba422e3c
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jul 5 13:02:11 2008 -0400

    added osw_select.h[david]

commit bcfbcc7de85d0b9e9efc5ba96f1ae2fdb140c08e
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jul 5 01:09:27 2008 -0400

    Merged in David McCullough's OCF patch.

commit 53ffbfb2c13962368a5b6949d407eeb5c101e16a
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jul 5 00:35:55 2008 -0400

    Fix parser warnings [dhr]

commit 9a6c4e726cbc5c1d60bd7a19eb811cebcbc731f0
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jul 5 00:26:26 2008 -0400

    updated changes

commit f2d109be5c27992053070823bd4cc50a777c6100
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 23:49:55 2008 -0400

    Fix #if to #ifdef for HAVE_PROC_DIR_ENTRY. fixes for const in pfkey_v2.c

commit d3b8bd65a8569cd8f8365aa4435fd0f57093cc9b
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 22:57:11 2008 -0400

    Replaced u8 with u_int8_t (instead of defining u8 to u_int8_t)

commit cbd8a4d7c75b88699168c00b21cb1f08a2e29972
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 22:55:15 2008 -0400

    remove cast

commit fb62e4722fa7ae56d80bbb0723ac7cb467db47af
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 22:51:45 2008 -0400

    Overlay the system select call to handle many more FD's than an fd_set can
    hold. This is to support more than 2048 tunnels with netkey. [david]

commit 994fdced77a8794cf7d6c04fea808c07e1162be8
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 22:43:47 2008 -0400

    update changes

commit 2b0ebf1f2692843f38072b502bbc03bd9d4f65ea
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 22:27:36 2008 -0400

    Fix a few warnings in update_host_pairs. [david]

commit f09e652c334c8485a010fbbb5219e6b887e1673c
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 22:27:01 2008 -0400

    Added support for HAVE_STATSD to log state changes to an external
    daemon. This is for easy gui use, where one does not want to parse
    all logs. [david]

commit fe7152954b059daee17a0345f0c1085e4e28f506
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 22:18:49 2008 -0400

    removed unused line

commit 9c5770f4f13d4b0e616d6a0a83fd5c8b784b3d86
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 22:17:57 2008 -0400

    Added -DDYNAMICDNS to CFLAGS if USE_DYNAMICDNS is set.

commit 63a2797bb87b3ee0f973a50ff77a5798f60f53aa
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 22:15:38 2008 -0400

    Add HAVE_STATSD and USE_DYNAMICDNS to Makefile.top

commit 29acaf99a3fbe8c9f2a2119d2a4e33addf27650a
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 21:31:18 2008 -0400

    change to a const.

commit c5cb4510e4968d0bf74fd6f410405b5b7f37f5c7
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 21:27:12 2008 -0400

    missing BIGNUM [david]

commit e28780e114728dae1096ad886f398674b9ecefd6
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 21:24:29 2008 -0400

    l_inet_addr_type changes for 2.6.25+ [david]

commit d07b8dddf28b4b91277d9aaabd180e73b39774f5
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 21:19:58 2008 -0400

    /proc changes on 2.6.24+ [david]

commit 2732d7659044adcf23ecb97e2e87243b9579c5f4
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 21:13:07 2008 -0400

    Commented out code that freed the SA immediately on creation and then
    reused it! Not sure why it is here. [david]

commit 089ce3e10ed91a92fe5197117526b03e95bde0b9
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 21:05:38 2008 -0400

    ipsec_kversion updates to support 2.6.24 and 2.6.25 kernels [david]

commit 190821d49ab40e776a00781e4962a9b0beb0c574
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 20:50:23 2008 -0400

    Completed support for USE_SINGLE_CONF_DIR [david]

commit a30bd2f2c24034ed0ac50dfa2ab90d914deac959
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 20:40:01 2008 -0400

    Removed starter - it is now fully integrated.

commit b578ce5ee0f1981af165dda56bfa32a4e009715c
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 20:36:50 2008 -0400

    Moved starter README to docs (since programs/starter is removed now)

commit 27c2920a5f50c99b08be0d5ad1dfb35e0e9d089f
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 20:00:15 2008 -0400

    disable XAUTHPAM per default (slipped into another commit)

commit e674af82219a24dcf06a32875724bd9e7a939049
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 19:54:48 2008 -0400

    make a few prototypes extern [david]

commit 3a455ce011e97e7a3a7dc6820fc435b495932248
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 19:29:59 2008 -0400

    rootdir is extern [david]

commit 4464b237ac785f5f5b47d37d74e60384890b2510
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 19:23:55 2008 -0400

    Added option for USE_DYNAMICDNS to Makefile.inc

commit 1c9c6897fa2acbf1c404b081343bdd15441eeb80
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 19:19:40 2008 -0400

    FreeS/WAN to Openswan

commit 77587a2980e99b609f297958b8f00a73951e8265
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 19:17:38 2008 -0400

    remove _updown.in from cvsignore

commit ffb3446aa17a17d70d4e0999335a7fa5f30557c5
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 19:17:04 2008 -0400

    Use @IPSEC_CONFDDIR@ in _plutorun.in

commit 889ebed3f710b9afb831e8f15812475459ca6e51
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 19:15:07 2008 -0400

    Use USE_DEFAULT_CONNS value in confread

commit b250210a456331741608a8e15e881c476e9cff64
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 19:13:14 2008 -0400

    USE_DEFAULT_CONNS value wasn't picked up properly in Makefile.programs
    [david]

commit 9b8bfa436aba0cb9fea9d34c4ac091e8bcf6b63e
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 19:01:21 2008 -0400

    explicitly name ipsec_device_event as .notifier_call [david]

commit cc104568179f07e7e2cf208f98b5e430a341a5bc
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 18:48:59 2008 -0400

    Removed some pre 2.4.x kernel code [david]

commit e772d432de2ee979af0678cb534a00b908f751d0
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 18:45:20 2008 -0400

    make logging using verbose consistent in certload [david]

commit 57afef467300cef2d01bde73dd5e579c25e6aabd
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 18:44:34 2008 -0400

    discard negative size 'files' in certload [david]

commit bb75a5c073142a83082850cb20c425205bb79781
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 18:41:54 2008 -0400

    $(LIBA) was not clean with make clean [david]

commit 6ed979dd58b72530fb69bdbbdf0256615afba2c8
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 18:37:01 2008 -0400

    Added USE_DYNAMICDNS to allow doing dynamic dns lookups when restarting
    a connection (eg after DPD kicks in) to better support dyndns services
    Patch by David McCullough.
    
    Removed duplicate modecfg_* entries in whack_message struct.

commit 486de85cb9da4c384baee4a9448eedf8af811141
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 16:41:12 2008 -0400

    Various fixes to Makefiles to not kill an already defined CFLAGS=, but
    to add to it using +=. libwhack also did not clean $(LIB). [david]

commit f4ab6e82b2ababd5b8f4757b8ceb535b764c2ddf
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 16:34:11 2008 -0400

    Add include for sysdep.h to isc random.c

commit 5877ae3ba9adee2797f5054f10ac1615a0d4a68f
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 16:29:11 2008 -0400

    updated changes

commit 5f252fca5e33b3f2354a80c5bf6d4f49cb79bd1a
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 16:28:08 2008 -0400

    Added restart_connections_by_peer [david]

commit a0730621854f0a28156f31fffbafc9780660954e
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 16:20:39 2008 -0400

    Added dpdaction=restart_by_peer. Updated/fixed man page (which also
    missed dpdaction=restart)

commit 4bf3971976e0cf5726f2254e8ee3d23b28331b16
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 15:52:51 2008 -0400

    Add ctl_table to kunit test

commit 263203b206505b0961008d727aa3059e54219fd6
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 15:31:35 2008 -0400

    updated CHANGES

commit 0ab7ffbece657b2f3aaf3b2cb1af2a713a18694f
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 15:29:21 2008 -0400

    Updated packaging/suse/* to build on recent SLES

commit e4a740c04590bf39c78eff863391613fa305d719
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 15:26:35 2008 -0400

    change a KLIPS_PRINT to KLIPS_ERROR

commit 1972b192d2735d0c5e3ad404483cc9a0766b03ac
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 15:24:55 2008 -0400

    strstr() vs ipsec_strstr() fixes.

commit d037106577785c599f0f736195667c85690c08ae
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 15:22:53 2008 -0400

    ipsec_breakroute is expected to return an error, not 0, on error?

commit 58b8fdb5bb59d474d9d37c4ca3061651b80e76c0
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 15:22:01 2008 -0400

    updated BUGS

commit 508162ec30444710c1e8480bbf92cc51bc543f8c
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 15:21:08 2008 -0400

    pfkey_ops SOCKOPS_WRAPPER fixes and split out pfkey_upmsgsk() from
    pfkey_upmsg()

commit 6b0e65d192a775269ac4f9e1a370226cbbef6acc
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 15:10:37 2008 -0400

    Changed commented line in Kconfig to use "depends on", though that is
    also not what we want (since it would just hide CONFIG_KLIPS if
    netfilter is not turned on)

commit bf93913c84b60d0a67487b171f52f65c5498991d
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 15:08:35 2008 -0400

    removed 2.0 and 2.2 based Makefile patches

commit a8f7e3bc62758eda24d3d8e6161b00aa2473e11a
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jul 4 15:08:14 2008 -0400

    Removed patches for 2.0 and 2.2 kernels, since 2.4 kernels are the minimum

commit b292d7a06826d6784576b45f7acd3adf7478de30
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jul 3 00:26:41 2008 -0400

    added missing prototype for pfkey_upmsgsk

commit 80b6520b60b547951d8e591698250be8e395f238
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jul 3 00:01:23 2008 -0400

    Added missing error handling in pfkey_x_plumb_parse / pfkey_x_unplumb_parse

commit 702efccbc9bca6b7ace072b8517c58d694acf825
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jul 2 23:58:20 2008 -0400

    Added missing pfkey_x_simple_reply()

commit b9d6acf5144b7cf771580bd58d2ed46e0eb5ccf4
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jul 2 23:35:50 2008 -0400

    Fixed debug to show proper func name in ipsec_xmit_encap_bundle_2()

commit ec9b619b0fc5bb18de255f1b77f3e1a784de419c
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jul 1 12:13:43 2008 -0400

    updated CHANGES

commit c97235d6bfd8ab7a08662c856b5308024bbcdfb6
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jul 1 12:11:22 2008 -0400

    fix for "left=%defaultroute" use by Tuomo.

commit 6d9f6ac272f20b4455b1a99f7b73dc35dda0608c
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 26 17:18:20 2008 -0400

    update CHANGES

commit d7091ccdd4a37d0fdab47b226d33418450460626
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 26 17:17:06 2008 -0400

    Fix a call to pfkey_ops to use SOCKOPS_WRAP(). Minor cleanout of legacy
    stuff.

commit 57afb20e65aeeb9e9170c4606042a7188b673b67
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 26 16:41:45 2008 -0400

    Add some debug to setup_cipher_list() if debug_crypto=1

commit e3b633dbe2ef49e5faae5b6e41b749f6e0c11a1d
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 25 08:48:24 2008 -0400

    updated changes

commit 1a4b146f1561421264cac19b67ad1b8d11aff638
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 25 08:45:18 2008 -0400

    Add dependency to Makefile to fix parallel build (eg make -j4). patch by
    Tuomo

commit 2e3ea8707c02bd47b047b59d6448c13fd823ea0a
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 25 01:53:45 2008 -0400

    updated changes and added bug ref to KNOWN_BUGS

commit 6a37bfe8562489c7ac9d7db4771b54b52a200019
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 25 01:53:21 2008 -0400

    Add support for kt_obsolete to various confread/confwrite/parser.y routines

commit f920c4682540a31f3f14a1d3eb754a00fcfb1741
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 25 01:09:14 2008 -0400

    Fixes to quick_inI1_outR1_cryptocontinue* to return void again, and
    complete the reset_cur_state(), while still avoiding the PFS mismatch
    crasher.

commit 3e6c1fc5a29c8ef2b024ed52d5382aee873dc158
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 17:00:33 2008 -0400

    Change non-standard #ifdef DIVULGE_KEYS to use DBG(DBG_CRYPT, ... );

commit 1cd9bc1dde337ac0a55f081862d7d9bd78a78091
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 16:47:21 2008 -0400

    updated changes

commit 4f9fdabaed8104d7916aa497feade3409d8fcf98
Merge: b9b8743 5936bca
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 16:19:45 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit b9b874389167ceceb85fc5c27f2d17ce23820f48
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 16:13:04 2008 -0400

    proper keyword is USE_BSDKAME, not USE_BSD

commit 96c55e1d7ff117fd3e8235825e0075c3e21d5ad1
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 16:12:09 2008 -0400

    Updated man page to list rp_filter and forwardcontrol as obsolete.

commit 255ef06064a8b62d96aac60edc39e3152717ffd8
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 16:11:40 2008 -0400

    Remove all manipulation of ip_forward and rp_filter from the scripts.

commit bbe7f23c13cad9398985a47a3378909a8a0c570c
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 16:11:09 2008 -0400

    Change forwardcontrol and rp_filter to be of new type kt_obsolete, meaning
    we allow the keywords, but ignore their values completely. addcon will
    print a warning (though this will probably not be detected by the user)

commit 5936bca6faa1e05deff36b54cf19fe3d7fe4d1e1
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 16:09:52 2008 -0400

    updated changes

commit 8cff907403410122e8aae3385fd1f1aff71811d8
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 16:08:00 2008 -0400

    strictcrlpolicy should be a bool, not an enum

commit 7466c55469425f2b2b771342eba257760d5080a6
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 16:07:16 2008 -0400

    updated changes

commit 85626772e97f48d219d5c2aa06a10bc2e7e5d5bb
Merge: 43eb353 238503f
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 15:40:51 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 43eb3535a44d52be06875e7f21ff1a982b6528e5
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 14:52:10 2008 -0400

    add "crypto" as alias for "crypt" in plutodebug=

commit 14655d0347218683e98f504ef6b3e3d4478e6dd4
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 14:51:03 2008 -0400

    Add "bsd","kame" and "bsdkame" to protostack= enum

commit 238503ff2ec6f13b46fdda04a55020ccef6a34aa
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 14:39:13 2008 -0400

    Set the default in confread.c for KBF_DISABLEPORTFLOATING to false.

commit 369d085ecadfb3db11d77b2f0939cd4865006812
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 14:23:01 2008 -0400

    get_sa_info() support. Code adopted from Herbert/Andreas

commit 2572442872281e8fe5d731a65a9a198fcfca08e7
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 13:45:08 2008 -0400

    since quick_inI1_outR1_cryptocontinue1 and quick_inI1_outR1_cryptocontinue2
    was changed from a void function to an stf_status return code, so we
    could signal errors down the way, we needed to actually return STF_OK
    at the end of these functions.
    
    This is what probably caused the "exponentiation has not completed" errors
    on my xen test setup.

commit 11a8071a0b8596ac341a6b406bce2b0b54710730
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 13:41:28 2008 -0400

    updated changes

commit a77c9391ffe44e174ea4e654a3463d40eb09a98a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 13:39:14 2008 -0400

    add warning about these defaults being ignored in favour of
    addconn --configsetup

commit 783ead66726033550ea9ff5a970df38a11cda662
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 13:28:39 2008 -0400

    Change default for KBF_UNIQUEIDS from no to yes

commit ac2720d316f643af15b94a3cb79c95cdec4dfa81
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 13:28:14 2008 -0400

    Set KBF_PLUTORESTARTONCRASH to default to yes

commit 431ef067d2cebb3f8848776197c114ca3ba1e279
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 12:18:22 2008 -0400

    Added strongswan vendorids

commit 6b2c635a8cf1b210808e6e2a7fc008d02009dfd8
Merge: 0b65699 7fa3746
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 12:08:01 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 0b656998def07aa52c323898bd7e1ee10242c33f
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 12:07:34 2008 -0400

    Fix debug lines

commit 2f09479ad6d6ad0d3355f23b6ba60b07908d9e4b
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 24 12:06:19 2008 -0400

    Set plutorestartoncrash to default to yes.

commit 7fa374612149484bc6c42b7129c4fb2c890057c3
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 23 01:38:55 2008 -0400

    Fix for crashes on some 64 bit platforms when curl couldn't successfully
    resolve a DNS request prior to fetching a CRL.  [andreas]

commit b12bb0fa265d27923734797c6530db70bb69ba2d
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 23 01:34:21 2008 -0400

    Added strongswan vendorid's

commit 13d60adf8a501ed021746d570b0e9a5a93fbeb84
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 23 01:03:24 2008 -0400

    fix added debuglines

commit 8cf3dae2b7be9374a71cf1b32333ee7fb57a8102
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jun 22 23:11:57 2008 -0400

    Add support for unstructuredName (UN) RDN [andreas]

commit c251140469624c6c2ec125858b0d359b329b8ae9
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jun 22 21:32:57 2008 -0400

    updated changes

commit d92540aad7a35a615da73cd092632adbe33e3672
Merge: 280cee0 90bd1f5
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jun 22 21:12:10 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 280cee048203a4f4a04b46c02b2916df3633d3b7
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jun 22 21:07:40 2008 -0400

    updated CHANGES

commit 90bd1f5474c25087442661b8391c541fe2d8fe57
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jun 22 20:49:08 2008 -0400

    Added some debug information about found but ignored interfaces on startup

commit 4fdc197a82d031f610fb1ce10b480ad10254e8b2
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jun 22 20:48:22 2008 -0400

    restore prototype for kernel_overlap_supported()

commit ce6cf8ff2f75bb462156d64098ff04ac74b98aad
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jun 22 19:39:53 2008 -0400

    Comment out the select line in Kconfig - it does not seem to work as
    expected (automatically enabling netfilter)

commit 5733372ed77caf99262629d80e5c199c571b0e1c
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jun 22 17:14:08 2008 -0400

    Surround useful_mastno with #ifdef KLIPS_MAST.
    Fix runaway comment.

commit c67affd1ff57d3813fdc3d894561c4893728df7d
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jun 22 13:00:42 2008 -0400

    Added test for disable_port_floating in readwriteconf-22

commit 6a08f7d6921f68b474d5c18b583459ff70bf39e7
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jun 22 12:24:19 2008 -0400

    Add support for disable_port_floating in 'config setup' in the new parser.

commit 9e113c4533d455461046fce73171be02fcbf229d
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jun 22 12:12:31 2008 -0400

    Fix bogus ] char in string "debug-all]"

commit 0d439603f4f85feb548513281e582fa1d7f01724
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jun 21 14:19:15 2008 -0400

    Applied small patch to support DEFAULTSOURCE. This is bug
    http://bugs.xelerance.com/view.php?id=954

commit af44970992ec7e1be00007f1dbc3cecd5d3cdf5a
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jun 21 14:13:53 2008 -0400

    Disable "disable port floating" per default. This is bug
    http://bugs.xelerance.com/view.php?id=953

commit ba52fb936803e4bbdc912c5364745b2f6a930249
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 20 18:12:08 2008 -0400

    #ifdef out some ipsec saref for building on OSX.

commit 85c84a6aa602d71d23810919d1d01710bb57ade6
Merge: 7e8fb3d 3431df0
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 20 18:10:45 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 3431df0b49604e2fa8f84d2dd2b8fb9dd303723d
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 19 16:14:45 2008 -0400

    Don't flush eroutes on mast

commit c4bab2d2dc56c8e8a8e3adf5ec04e24b4f126537
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 19 16:12:59 2008 -0400

    Merge in missing commit d076fd5a6ed6a1d4aa93fc8480dc6ee8a08213f7
    Cg: By deleting lines beginning with CG:F, the associated file

commit fe3de2cf7dd4cbabbad12e7d97bb0cdd5953460d
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jun 15 18:44:27 2008 -0400

    Fix quick_inI1_outR1_cryptocontinue* to return stf_status, not void.

commit 7e8fb3d34ba970c8cda026b5ed1123816e760863
Merge: 4e6ff87 3d60418
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 12 15:10:59 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 0b49b4c149d69c4a0ac92d050e21f6b1b553ec08
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 11 10:12:42 2008 -0400

    remove debug line for alloc_bytes(0)

commit e437434e0533b456ea587038014c8242d7a89241
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 10 13:41:00 2008 -0400

    removed two echos which caused two empty lines to be printed [bleve]

commit 3d604183ab4132599f912039c49d49d8fe1643fd
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 9 12:28:29 2008 -0400

    Fix for http://bugs.xelerance.com/view.php?id=928

commit 02a3d29c12467a286e2e4d87d919c1ed56b0fda6
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 9 11:57:35 2008 -0400

    Fix para tag in connmanual man page.

commit c7fd2745b6a17afbac2db976b874a4bf692cb2e0
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 9 11:51:54 2008 -0400

    add commented out --perpeerlog option to ipsec.conf, add to spec file.

commit 02b700c8e9654bea1398d43febad57e083cccab7
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 9 11:29:49 2008 -0400

    Revert af family code in find_host_pair causing some connections to not
    be found in find_host_connection2()

commit e089ab0fb276cf68be668bfc00c67aded583a367
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 9 11:26:26 2008 -0400

    From bug #934:
    ipsec_rcv.c produces a mem leak in the function ipsec_rcv_decap().
    If the first two checks failed, the function jumps to the end without
    assigning irs->skb to skb. In this case the skb will not be freed.
    This means that all errors in the function ipsec_rcv_decap_once() invoked
    by the second check and the IPSEC_RCV_BADPROTO check will produce mem
    leaks.
    
    Patch by Wolfgang Nothdurft

commit eb37e81803cae135df7f4f963fda96867bf7a501
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jun 8 23:02:31 2008 -0400

    Fix a debug line causing a crasher when we attempt to lookup a
    connection with right=%any with plutodebug=controlmore enabled.

commit 4e6ff87fcc00cb0df0f4092f70a0e7f1bab21fb5
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jun 8 15:42:13 2008 -0400

    join two lines in shell script to avoid tabs getting in debug log

commit 1d0f3e1425e5d8e509c9e89e1623cbb60bd10cca
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jun 8 15:21:24 2008 -0400

    Put kernel_overlap_supported() back, since the testing seam_*'s use it.

commit 7da33cb43c55758b6cb5beddfe0065cdf44d370b
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jun 8 11:36:12 2008 -0400

    KLIPS compile for for non-x86 on 2.4. kernels [Gilles Espinasse]

commit da51c7fa54be98a6f6cbfa26e04047bbd41363e0
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jun 7 20:24:19 2008 -0400

    Set LDAP_DEPRECATED if LDAP_VER is set (from debian patch)

commit ea9bfa26ea98a758ab04d1444b51310465db4415
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jun 7 20:23:05 2008 -0400

    Patch from Rene Mahrhofer for NETKEY backport to 2.4 kernel for
    protocol add/del routines.

commit b82cd6a86526b155eb237d55ebb5afc2269fad74
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 6 19:25:39 2008 -0400

    Added connaddrfamily entry to man page

commit 347543d076a1102faff2ef25c2c0716f628c6d6b
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 6 13:38:35 2008 -0400

    only display text "alloc_bytes1() was mistakenly asked to malloc 0 bytes"
    when LEAK_DETECTIVE is set to avoid spamming production systems.

commit bc51a6782c84986a8c819033a36a87ee8c898b80
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 6 12:56:10 2008 -0400

    Remove bogus rightid= line in conn from ipsec.conf.common

commit f8ede59e3134a398bdae3605e655a5681c6332fe
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jun 6 12:30:36 2008 -0400

    remove duplicate tests

commit c93f2ff288bbcaa3615ff3579ffa6518a540c53e
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 5 17:23:18 2008 -0400

    Fixed man page and testcase to show special CCM usage esp=aes_ccm_a-152-null

commit 6402b8a79f783e4a62dafc31c4af79efd4729e39
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 5 02:13:33 2008 -0400

    revert f4cb60ccce9354d58bcc443a867e9eca84f43d0e, it breaks IKEv1 badly.

commit b545b221c8da2e2572b7b15afd43d67ad501356c
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jun 5 01:49:46 2008 -0400

    Fix in oeconns for misplaced ,

commit 98987a559e586c893b8eb12aa9b3571def269e07
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 4 23:03:55 2008 -0400

    Change remaining spin_unlock to spin_unlock_bh

commit e912d39494d219d7078bea3aaaf410fb02a8af84
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 4 22:12:06 2008 -0400

    Fix two logging calls indicated by gcc warnings

commit 40f59ff3b97bdf40d06b4e781e19934afebee433
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 4 22:01:30 2008 -0400

    Compile fixes for 2.6.24+. Based on David's OCF patch for openswan 2.4.12
    (work in progress)

commit 906e02ffb3410df029c6dd263b10f88fb23473ef
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 4 22:00:40 2008 -0400

    Added comments in code for EVENT_NULL

commit 2a3d71fe8490c47093ff8d897f1a357e11f621c7
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 4 21:59:00 2008 -0400

    updated CHANGES

commit 21781b960146dbab2c5de6165cd097be52a04f0e
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 4 21:41:47 2008 -0400

    Added NEED_SPINLOCK_TYPES (for >= 2.6.0)

commit 79f86108ee09151dc6245ff24d852f44397e780d
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 4 14:51:08 2008 -0400

    Add seam_spdbstruct.c, lost in merge.

commit 3ab85ff4d58065958058d8e32ccc7ca6ce492c0c
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 4 14:40:26 2008 -0400

    Change a SADB to K_SADB entry.

commit e850c96b814b88b200b6b5682d48f112013df3c1
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 4 14:28:01 2008 -0400

    update man page to reflect "-modpXXXX" -> ";modpXXX" change.

commit 1f5c7e879d0377590cb0c877199f220cd02023a9
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 4 14:23:54 2008 -0400

    light change of wording for ikev2= keyword.

commit 4be61842c4e4e2c2412f33b02b74d1be6dc50643
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 4 11:52:03 2008 -0400

    Fix module loading in _startnetkey, it accidentally used @@MODPROBE@@
    instead of @MODPROBE@, but the error was sent to /dev/null.
    
    Also made the startup much more quiet.

commit 608e8367c91ad0c2c88876c668108a8b2f2832d4
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jun 4 11:47:17 2008 -0400

    tag fixes to xml files that generate ipsec.conf man page.

commit fa6a91046ec59cf9d935657560a703e434568a62
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jun 3 14:38:30 2008 -0400

    Remove ipchains cruft

commit 2b720e1d781aed18733db29bad978756ec46e0f3
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 2 14:57:47 2008 -0400

    Fix for ikev2 rekey [herbert] - moves .timeout_event = EVENT_SA_REPLACE to
    different state.

commit c9d2e1211d80a5146f8964692bc067788717e940
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 2 13:21:56 2008 -0400

    updated changes

commit 071e7116b431539e135f40acefdd5f693b8640f4
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 2 12:28:20 2008 -0400

    Remove pexpect() on kernel_op's eroute_idle function, as we do not have
    one for NETKEY yet, and the function was_eroute_idle() already deals
    with that case with returning FALSE. This is bug #936

commit 65d051eeb67b9bc3708bf04d5d3bbeade9548ddf
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 2 11:44:23 2008 -0400

    Fix errno calls, include errno.h

commit 945cd34ef2dd25bd91dec3f7a88e63083f3461cc
Merge: ac96500 d63d79f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 2 11:04:44 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit ac9650097f8a6dec05e3e91835f34a3d934a74e5
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 2 11:04:01 2008 -0400

    support for create_proc_entry for 2.6.24+ [david]

commit 8e67b9ea5a02f8e0913ee7decb31eaa7e249f4dc
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 2 11:02:47 2008 -0400

    remove tdb spinlock [david]

commit c97f29541261e28a320bdf4f2a716347dac28009
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 2 11:01:13 2008 -0400

    Use new PROC_NET macro.

commit ca75849edf14bd6b95e9b8aeeffbcb9cb05ec7d6
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 2 11:00:24 2008 -0400

    Supporting defines for 2.6.24 and 2.6.25 for ipsec_kversion.h [david]

commit 0d849b77252828207a7e2e172428e9eb023f964e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jun 2 00:14:53 2008 -0400

    Remove a spin_unlock call [David McCullough] for ipcomp.c

commit d63d79fae99b59afffccaad6c4088ded140a5eec
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jun 1 16:18:40 2008 -0400

    Display error for chdir() on two spots that give errors (why?)

commit 1203aef777814501622c7053c613e2b162f27e2c
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jun 1 16:18:17 2008 -0400

    SADB_EALG_MAX -> K_SADB_EALG_MAX fix
    Added sadb_x_lifetime_packets to struct sadb_lifetime

commit 990f72d0c2cc7f3c6ed77ba15314688a600aa3ec
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 31 16:40:33 2008 -0400

    updated changes

commit 5f3b8d2967d275f7aec532a5009d4ae94121d821
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 31 16:33:11 2008 -0400

    Removal of AUTH_ALGORITHM_NULL. Fixes to kernel_netlink and
    spdb_v2_struct.c for esp=null.

commit bf3cecff0fbf9dcf78164abbd34d5d3512cf0441
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 30 15:29:48 2008 -0400

    Added comment.

commit c255b51c9da604323a918b265f870ce846217dc0
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 30 15:26:23 2008 -0400

    put in comment

commit a6bf7be75cdf4d3d230528795e4d0c53c306bd79
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 30 15:18:39 2008 -0400

    Error when we have neither AH or ESP.

commit fdbb85e9cd9c0e3d581853be769c5f416cf3aba9
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 30 15:12:38 2008 -0400

    remove manualstart.xml from man page, update connmanual.xml to say it is
    very obsolete. (Manual merge of -re d.ipsec.conf manpage update)

commit 8f3d8f13423efa852f0d495c61622d5aa3e2ec72
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 30 14:53:02 2008 -0400

    remove generated ipsec.conf.5.xml from repo

commit c9fe4405be661bee33018c5546f556782104bc34
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 30 14:52:48 2008 -0400

    Fix date of man page

commit 11737306df8c13318347c06ba3763bb498dd9b9f
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 30 14:49:34 2008 -0400

    fix date of ipsec.conf.5

commit 1cae3b6bcd4f1184cba238ba6c22b07e618a8819
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 30 14:48:04 2008 -0400

    Add LIBBSDPFKEY to Makefile.inc

commit e77efc230a60a0c46673c82c53bd76f52be785f2
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 30 14:47:05 2008 -0400

    restore oe.xml

commit 03e79f41349f64fb34bc3957b6ad21776c84760e
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 30 14:43:21 2008 -0400

    restore mistaken changes to include file(s)

commit b101ac8675e9fa289a1d306033744c379c0511d7
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 30 14:36:53 2008 -0400

    put back ike policies to pluto_constants.c

commit bb23de1a390b947fbfe4b39e06c7f0aefac0ddd2
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 30 14:31:46 2008 -0400

    Put back packet information in pfkey_print.c

commit 3cd75f4aee92dcecf9a3c4ae1275df117c2cdede
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 30 14:27:44 2008 -0400

    Remove merge artifact of pre-moved packet.c and depend

commit 70dea0d22d15125a847ed44965bb19b0920aca2d
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 30 14:15:36 2008 -0400

    Restore parser.[ly] from before merge

commit 8a7a1396bdc27d316c4e254c1eb9fe5594923184
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 30 14:12:15 2008 -0400

    put POLICY_IKEV2_ALLOW back into oeconns.c

commit e392ff010e68d15236f79c47fd2f7d5c99ce5a92
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 30 14:10:03 2008 -0400

    put back ikev2 keyword parsing in keywords.c

commit e1b4f29c4dafe751ce386bdb69312d5bb4b67b5a
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 30 14:07:22 2008 -0400

    Add back ikev2 policy processing in confwrite.c

commit 46adbcc73575ea72254fa29d9e80c9ffe4c95d80
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 30 14:00:29 2008 -0400

    Re-added ikev2 policy processing in confread.c

commit 027fb6ab1f72bc24871752b58983c9e0aacbd79f
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 30 13:49:27 2008 -0400

    Add back POLICY_IKEV2_ALLOW to default policy.

commit 6758b4a4666bfd9ba4105b05bb2bf8cc6291d216
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 30 12:19:22 2008 -0400

    Added leftsubnets= entry for man page.

commit af8ec9499a5d1427bd7761e5aefb7aef3917fe39
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 30 12:09:10 2008 -0400

    Added leftsubnets= to man page

commit d4801e1c2633de8fe34662cfaad873ad3d44a286
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 29 11:10:36 2008 -0400

    From aead code to right spot in netlink_add_sa()

commit d93a541dd05d3e5da7100937a41e6843fcbb64be
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 28 21:10:55 2008 -0400

    Add ikev2-algo-03-aes-ccm to TESTLIST

commit f08f4a876247ae6663e7d981cf134970d37ed7cf
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 28 19:44:25 2008 -0400

    Merged in more BSDKAME files.

commit 2e659c1c1e074060d163ab24e21da6e7a41e62a4
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 28 19:22:53 2008 -0400

    Don't include linux/types.h on OSX

commit b6c93ccbf3fe0189ec63b5d6ac45a74b4bc54085
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 28 16:13:42 2008 -0400

    fix call to openswan_log causing segfault.

commit c1f9b5f7e41267bff8bbbc7ad96058c970a82d2f
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 28 16:11:13 2008 -0400

    changed comment

commit cb26034a3902caea7082059db6d69746f8745c6f
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 28 16:09:34 2008 -0400

    typo in text in script

commit 6e0b0d40df327ed93ea2e022c3dfd75c8befcee5
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 28 16:08:25 2008 -0400

    Changes to _startklips. call ipsec _startnetkey as fallback.

commit b2c4c62b8e42cb8b4fa6c2b3d5477cc2e8b37d16
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 28 15:53:20 2008 -0400

    fix test case in _startklips

commit ad4d66550411cf1d0d8b608ab2584a4b77b5e65e
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 28 15:44:24 2008 -0400

    Added OAKLEY_CAMELLIA_CBC

commit 11067f62b9ad09753d75759e01cb37d3829cfd42
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 28 15:18:50 2008 -0400

    Use 8 bit ICV in testcase ikev2-algo-03-aes-ccm

commit 25ec7dac2a800c33c5abe2cfcbbf9435cff0acc0
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 28 15:16:08 2008 -0400

    Added testcase for AES-CCM (ikev2-algo-03-aes-ccm)

commit bb983e15a0fb9a3efca5b76000a840b89ae20fa8
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 28 15:04:41 2008 -0400

    Define HAVE_UNISTD_H and HAVE_SYS_TYPES_H for linux's sysdep.h for
    lib/libisc/random.c (else we need <bind9/config.h>)

commit f4179aa6e59e1fb834615ae59a32c767a8cbd455
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 28 15:00:03 2008 -0400

    fread() returns size_t, not a pointer.

commit 31da4acc4685e72424479aff2396e52177bc3bfd
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 28 14:15:36 2008 -0400

    Added unsupported cases to alg_info_esp_v2tov1aa in alg_info.c

commit 4492329b334a429d9e8872ce4f29e314f490210a
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 28 14:13:40 2008 -0400

    Fix comment and line break anomaly

commit 6f753977e16114c81f734b53de5ad46cd2ae5aef
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 27 21:50:23 2008 -0400

    Merged in openswan-3.x.x USEBSD code (for potential OSX work by a friend)

commit c230b43e6ddeef8ff9badb337228791c2c81bcf3
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 27 14:46:45 2008 -0400

    Fix quoting in chdir() check

commit 1425c214a5ee0c0ed6ab9642eb17c9cde36dc2e5
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 27 14:41:00 2008 -0400

    fix strncat call

commit f631a3a9ecf244609b4bb8ba8a5b38f003b16469
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 27 14:39:54 2008 -0400

    fix crypto include

commit 69e88a9d26c2cb7bae6968937d811d3fba05d930
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 27 14:14:50 2008 -0400

    Merged in Herbert Xu's aead_algs (AES CCM) support.

commit dc8d3fac024583ac4e8bc663f4e15a519eebf788
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 27 14:13:24 2008 -0400

    updated CHANGES

commit f8cfbad0719bf6e3777b244c4e9e2f3d50cf802a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 27 13:30:15 2008 -0400

    Added new encryption ciphers to pfkeyv2.h

commit b2cbcda5aa70ed178081c9c908621c52d31f3d8a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 27 13:22:36 2008 -0400

    Added ESP_* defines to ipsec_xform.h (should really be phased out, since
    these defines are in sync with RFC values and can use ietf_constants).

commit 0da263822e8193e1e8b70c18c663e73781da695f
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 27 13:17:00 2008 -0400

    Added ESP_ names to esp_transform_name[]

commit 1369ac78b3bd8dcfdd689f3529d33c7d9bab58c7
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 27 13:11:24 2008 -0400

    Added new ealg names (eg AES_CCM_*, AES_GSCM_* and Camellia)

commit a454a8923b4b28bc5a36f5ace6f20b2f9a6f4fc2
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 27 13:04:35 2008 -0400

    Added various IKEv2 related proposals to ietf_constants.h

commit cbde2097eee9a77d6536ad48c77b888a36ebe7f1
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 27 11:43:08 2008 -0400

    Added support to create /var/run/pluto/ipsec.info with NETKEY

commit 310841341bc708c73c296c93015871841c770f38
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 18:59:37 2008 -0400

    updated changes

commit 82f72bb830ed0ff1b086b0db203685700a40606a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 18:58:52 2008 -0400

    Enable USE_MAST (since its requirements leaked a little outside defined
    code) for now.

commit 2981faf6ffe4e15b8b6188c5ae0b55e583341e74
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 18:58:11 2008 -0400

    Remove USE_HWRANDOM, -DHWRANDOM and HW_DEFS defines. hardware random is
    only used via /dev/random and the system should setup rngd properly.

commit 95d8ff65bea7bc6ca3f1667e4904a43778198d1e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 18:50:56 2008 -0400

    updated changes

commit baefce21c5def3526d42da7a7f6692ebba5ec1c3
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 18:27:47 2008 -0400

    Populate /var/run/pluto/ipsec.info when using _startnetkey. The scripts
    (and pluto?) should really be modified to no longer need this.

commit 12f589aaeea39698e6a1594610205cc950eeac14
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 15:53:28 2008 -0400

    Fix two more strncat warnings

commit bfb18f55219fa1474a2f3085188fe14d761d622a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 15:50:52 2008 -0400

    Fix two chdir() warnings

commit 0c1ce6fec5b27105c6a363d0aafcd43f83d0e0fc
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 15:39:34 2008 -0400

    Check return value of chdir() in crypt helper failure. Remove unused
    variable dying_breath.

commit 25beff75c9984c67224f392e2311e80b62a6f101
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 15:32:40 2008 -0400

    Fixed another pks warning

commit afb5b360cb9d346e0de253ea1eca1d4d9f1bcbcf
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 15:31:41 2008 -0400

    initialise pks to NULL because the compiler is not clever enough yet.

commit d8ef37d068272c1d895e19dbd87efa03b8858bc2
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 15:29:37 2008 -0400

    Fix potential overflow in strncat'ing to
    ipcq->credentials[0].ii_credential.ipsec_dns_signed.dns_sig

commit 6a12b79da7249cc636b9672892ce7402194e4fee
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 15:23:54 2008 -0400

    initialise needed_len to 0.

commit 5f8025fee885c6c9500c90b6adc8cb4ffa9c640e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 15:16:49 2008 -0400

    also initialise trans_cnt to 0.

commit 396a7eb2b0f26398e794096060fcc223ed88b1ed
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 15:15:59 2008 -0400

    initialise protoid to 0 to avoid warning.

commit 6a7c0411cb5677b7ef0023ec3754526eff1969b5
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 15:14:32 2008 -0400

    Initialised ealg_i to 0 because compiler was not smart enough to see it
    could not be used uninitialised.

commit 04f7652b34a1befe783fb5993e0e0686c12b0aab
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 15:10:51 2008 -0400

    Fixed incorrect change of 'const char plus' and buffer overflow in endopts
    where gcc rightly complained that we were writing 3 more characters in
    endopts than would fit (why didn't this actually cause pluto to crash?)

commit 3185e3fcacd6be23307db880ba71579cbb72d229
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 14:13:10 2008 -0400

    Fix warning for unused return of chdir(dumpdir) in plutomain.c.

commit 9e16ddab435e69063c693fd7eff0bcd9e8d2b68d
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 14:06:41 2008 -0400

    Check return of write() in starterwhack

commit 35243ec037b42a5bf90ae95336840a149ebc35d9
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 13:57:38 2008 -0400

    Fix two warnings on fgets and fread's return value being ignored.

commit 72c4cb20770c78bb0bf2dd79d8f25c03a69c78b7
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 13:49:49 2008 -0400

    check return value of chdir() in x509chains.c

commit 5569d07fd9a5d6f66b0c4b151c80773e2d4ca8dd
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 13:37:40 2008 -0400

    Added oe.xml for man page.

commit b3db3b5619957e809651d19a43e5b60002b551f0
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 12:05:11 2008 -0400

    changed packaging/redhat references to packaging/fedora

commit e9a2eabe1209c8f4a9f0f2be694f359fcdddef4e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 11:09:57 2008 -0400

    reduce pktref[2] to pktref[1], as element 2 is never used.

commit f7119cbd58fbcb8a8681181e6573f3f27bda6cff
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 26 10:52:45 2008 -0400

    don't try to print saref in showpolicy when we don't have one set. Fixes
    a build warning.

commit 5cb67644a1c28c88b8919a04a958b89e5d4982a9
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun May 25 22:19:27 2008 -0400

    Remove nfmark -> mark define as this is done in ipsec_kversion.h

commit 86ce860b2493c8400c274a5cebf73e155ccc1ee9
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun May 25 22:15:51 2008 -0400

    freeswan -> openswan

commit 0a0b647cf02708ab45606450f33932946e22794b
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun May 25 20:23:18 2008 -0400

    Removed kernel_overlap_supported() since it seemed calls to it really
    just used kernel_ops->overlap_supported anyway.

commit cbba2413eb4de6f0f4b6400ec1486af9724b8b25
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun May 25 18:52:55 2008 -0400

    updated CHANGES

commit 3c3e108e3735be090428884180e7f702b6816fb4
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun May 25 18:52:10 2008 -0400

    #930: 'best.len' and 'cur.len' may be uninitialised. Patch by Michal
    Nazarewicz

commit 1680581573b4fb2fe3e44e6cf067970fdb2257b4
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 24 17:41:26 2008 -0400

    Use iproute2-2.6.22-070710+ style fwmask for updown.mast

commit 73ebb4a5af112fcb28bcaf9e28426b7b8d012b04
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 24 17:37:30 2008 -0400

    add line explaining virtual_host exclusion

commit 9ee119784620eb3aec36fd443438fb6e1ee4b85e
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 24 17:36:46 2008 -0400

    put in protostack=netkey in default ipsec.conf

commit 1b2b300347e25ed9571175f6200a6772cb136528
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 23 19:34:32 2008 -0400

    Added KBF_OVERLAPIP

commit 9b6460ac3d7cf4f090fbd203403f15092bd43296
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 23 19:15:53 2008 -0400

    added overlapip

commit 6c3af441f62132db413c5d51b77f57354ce9882d
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 23 19:13:43 2008 -0400

    Added POLICY_OVERLAPIP

commit 62879eb9b6bf4820b6fea8f6a463c7144c745e6e
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 23 19:11:48 2008 -0400

    Added KBF_OVERLAPIP()

commit 283b1bf99ad141800bf5f85f689a8d06f4fb6c99
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 23 19:07:56 2008 -0400

    Added debug_mast and debug_xmit sysctrl handlers to sysctl_net_ipsec.c

commit 1c9a30dc574be160e494f47167f8d5539b0536a4
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 23 19:02:19 2008 -0400

    module call fixes

commit 7be9aaf74fa05691d3fcf2f35ec1f96127a060af
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 23 19:01:42 2008 -0400

    changed wording in Kconfig descriptions (from #testing)

commit b9253e8a32da30778c29368c78281a92c621484b
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 23 17:27:47 2008 -0400

    Use HAVE_IPSEC_SAREF define.

commit 946095d39ed2a19fed12e60b9219ef36a02254de
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 23 11:04:39 2008 -0400

    Fix silly script check for NETKEY + KLIPS again. sneaked back in by merge

commit cde40dc10b7f1237a7858a8323782e66ea5923d7
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 22 22:46:28 2008 -0400

    Added Bart to credits for OCF work

commit 80a9d740fc06b19ea7806918ae5cf24b8c29ebb7
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 22 22:45:11 2008 -0400

    updated copyright credits.

commit 0ce5342b72f98be993fbd9e966ee5ba87d851c61
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 22 22:42:32 2008 -0400

    Update of CREDITS

commit f4cb60ccce9354d58bcc443a867e9eca84f43d0e
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 22 22:27:18 2008 -0400

    patch by Herbert for NETKEY and async continuation in state machine

commit e637bd8ae771ec3d9bd5d63db1fe6c6fc8bc3471
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 22 22:21:23 2008 -0400

    packet_len is ssize_t, not int.

commit 28006e9365fd6e94b6da2cfa5132b5d9329abfa4
Merge: 3ace226 e5d17f1
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 22 21:24:44 2008 -0400

    Merge commit 'vault/testing' (into vault/ikev2)
    
    Conflicts:
    
    	.gitignore
    	CHANGES
    	Makefile.ver
    	lib/libopenswan/Makefile.depend
    	linux/include/openswan/ipsec_kversion.h
    	linux/net/ipsec/addrtot.c
    	linux/net/ipsec/ipsec_tunnel.c
    	programs/Makefile.program
    	programs/_startnetkey/_startnetkey.in
    	programs/_updown.klips/_updown.ip2.in
    	programs/pluto/Makefile.depend.linux
    	programs/pluto/demux.c
    	programs/showpolicy/showpolicy.c
    	testing/utils/make-uml.sh

commit 3ace2268892dc686c0dc7b5bd6f236434ec2a6d9
Merge: 11bdc64 fa0cb4f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 19 20:34:55 2008 -0400

    Merge commit 'vault/ikev2'
    
    Conflicts:
    
    	CHANGES
    	programs/_startnetkey/_startnetkey.in
    	programs/_updown.netkey/_updown.ip2.in
    	programs/pluto/ikev1_quick.c
    	testing/lib/libpluto/OUTPUT.spdbfirst.txt
    	testing/lib/libpluto/OUTPUT.spdbmerge.txt
    	testing/lib/libpluto/OUTPUT.spdbtest.txt
    	testing/lib/libpluto/efencedef.h

commit fa0cb4f41b4b8f930e74b55029b0e33acbd20ce5
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 19 19:24:25 2008 -0400

    added note on IKEv2. removed freeswan reference

commit b0b3788f654a90777dfc785ebf8d1042f321b9df
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 19 19:21:45 2008 -0400

    Added ikev2= option to the man page, with bid down attack explanation.

commit c2874728dc0a5c3e92efc77081e8163e89859bfb
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 19 18:57:50 2008 -0400

    updated changes

commit 59b03d58a3dbe9ca8e33a8a39cefa574ddc29856
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 19 18:54:26 2008 -0400

    Remove warning "interfaces= is ignored when using the NETKEY stack". It
    is misleading. It caused the introduction of a bug in Fedora 9, see:
    https://bugzilla.redhat.com/show_bug.cgi?id=445179

commit 58a2f44d69686a595f6b55de3e40ca8d40a60b5b
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 19 18:53:17 2008 -0400

    Remove misleading warning "WARNING: interfaces= is ignored when using the
    NETKEY stack".

commit ddf6672ee1821c16437db898c937dadd6b46957f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 19 17:31:33 2008 -0400

    fix more modprobe -qv entries

commit c07277d4fbe15df0285bdb2d92664dbaa9b4f5e4
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 19 17:30:49 2008 -0400

    Remove -qv in modprobe to be -q

commit 2ffe5d3c354866079f57c28cd7063a99fe02966e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 19 17:11:46 2008 -0400

    Added include for limits.h

commit 113df71b421d79ec6c6689ed8441d2522be4549f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 19 15:49:04 2008 -0400

    updated changes

commit 4a37196ad67817200174a9b2d899ac1e7f3c1e8a
Merge: d982281 e569633
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 19 13:23:05 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit d98228196d5cf014d8d959628fbabb8aee9bd10c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 19 12:41:53 2008 -0400

    Updated "clear" policy file for L root nameserver's new IP for OE.

commit e569633347ac08d58e9195dc31655cb5e3f3de2b
Author: Antony Antony <antony at xelerance.com>
Date:   Mon May 19 12:14:38 2008 -0400

    Correct output of interop-ikev2-strongswan-06-aes192. Note packet is
    still lost, and marked as "error".

commit 7a771c7c11f2896036be0c90e30a888060280fd8
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 19 12:07:36 2008 -0400

    Rename testcase to proper interop-ikev2-strongswan-06-aes192

commit c4cd1984d0c95af492c4e737b54f0a29fc038617
Merge: 658794c 27fe662
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 19 11:47:21 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 658794cf5cc1de8277fa7ca8f19519a5a21aac14
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 19 11:45:28 2008 -0400

    Added testcase ikev2-strongswan-06-aes192. Output needs updating.

commit 01cbe6e5d6dacff7c473a028118501859e6dc137
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 19 11:40:20 2008 -0400

    Fix prf_hasher vs integ_hasher mixup, causing interop failure when
    using aes192. [herbert/antony]

commit 27fe66265c00ca4ce3dd28fafd8640e7df19dc2e
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun May 18 19:27:12 2008 -0400

    Rewrite of IS_PARENT_SA() to remove some duplicate code.

commit 24ffedf9ead04c5c1b4888eb92180b52fe1ac03a
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun May 18 19:16:51 2008 -0400

    clarified a comment in packet.h

commit dd8e3e3a1e2aad8f34775dcc8cd9cbf65662f4b4
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun May 18 19:09:59 2008 -0400

    Fix a few cases where we could use "en" uninitialised [dhr]

commit d2d770b185175b5779ad1e74764683dc2f49b039
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 17 15:43:29 2008 -0400

    updated CHANGES

commit 0abd3949c7515c06df99cad3fe4441d256c7854d
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 17 21:32:43 2008 +0200

    Added some more transform ids to ipsec_policy.h / ipsec_xforms.h.
    Source: http://www.iana.org/assignments/isakmp-registry
    
    Why do we maintain two lists in these files? FixMe?

commit e88563f88db915d2aeb52d5bd0ed70ebd98b27be
Author: root <root at unfindable.xtdnet.nl>
Date:   Sat May 17 21:31:14 2008 +0200

    Added case for AUTH_ALGORITHM_NULL (identical to AUTH_ALGORITHM_NONE)

commit b7d8e6a8b78dca4505988d3f2979b1cf8d14d158
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 17 21:06:34 2008 +0200

    Fix broken auth_alg_name enum_names continuation. removed unused
    placeholders for AUTH_ALGORITHM_IDxx.

commit b4fc8bbb80b9d305272d6f97ae6360a11671fd02
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat May 17 14:03:30 2008 -0400

    Added AUTH_ALGORITHM_NONE to enum_names. Fixed missing AES entry.

commit a19c03ef9d553f7d0e9ab19a7528a915284fccdf
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 16 23:27:00 2008 -0400

    fix modp group. also ping packet still does not show up. verify testcase.

commit ea6a20e8add9de08b81014a8b0fd10110f592355
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 16 22:15:03 2008 -0400

    fix modp, but we still see an issue with the esp packet getting lost.

commit 4f37168398d2547c1ab64fd65ca6a2088d8c8756
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 16 22:01:16 2008 -0400

    missing ";" in vals.conf caused racoon to not start.

commit 9a0991bef87ced615161f6dff7985005bbfa6a62
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 16 21:54:31 2008 -0400

    commit new test results for ikev2-x509-02, but with BROKEN placeholder,
    since the test is failing.

commit 60f4ac4b64b309dbe99ad20a5d07f7cf4eb5aca9
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 16 21:49:40 2008 -0400

    Updated testcase output, not the test finally completes.

commit 6d8e998a3dd7d6290645dc114e668c3c35f1ba8c
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 16 21:43:14 2008 -0400

    updated t modp2048 output

commit 90f5fd0700595835b93cb3d56b6f026c9a9c28f9
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 16 21:41:34 2008 -0400

    updated output that shows AES IKE algos found and modp2048 when
    configured on initiator.

commit 1067256a3d08a546382b2dd1e132cfb220b523bd
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 16 21:37:33 2008 -0400

    updated output to match new modp24048

commit f5eb19672b167267c3818cba92ce2f3fbc3e0e13
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 16 21:36:00 2008 -0400

    Match new expected modp2048 output

commit eecadf02b21552aa98e95dde56978aba2564732e
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 16 21:34:54 2008 -0400

    Fix output to match current modp2048

commit e5d17f14e39439b8574cf798e81bbe62fe2cf653
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 16 16:14:03 2008 -0400

    Fix two bogus references in debug lines from "aes" to "3des" in
    ipsec_alg_3des.c

commit ca9b6fb01218657516ceba02bdc7f61757ef0995
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 16 13:38:37 2008 -0400

    Documented ipsec_kversion.h with http://lwn.net/Articles/2.6-kernel-api/
    information per kernel release. Added MODULE_PARAM macro for 2.6.17+

commit 595f03942141e55bf73e027e5c44481f51d002f0
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 16 13:37:45 2008 -0400

    cleanup of MODULE_PARAM vs module_param using a macro in ipsec_kversion.h

commit 931ba7e23e189b09f29f81b64123a3e6194c0637
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 16 10:33:45 2008 -0400

    Fix ID's for PSK in racoon interop test.

commit 6715f4e3d3318e6ce455ab5d182c17b5c878eb13
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 16 10:30:04 2008 -0400

    Added include for limits.h needed for INT_MAX

commit b72f425d573ebbbcad414df400d22917b120059d
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri May 16 10:25:36 2008 -0400

    Added IKEv2_AUTH_NONE to switch in alg_info_esp_v2tov1aa()

commit 6dd824aabee2a8f71eb65fe1552c40692ba76e03
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 15 22:52:50 2008 -0400

    Fix testoutput to the new ipsec_setup texts when openswan is not running
    and a 'stop' is called.

commit 5655c16b35d2304563a2089cfde643fce3eb0a79
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 15 15:56:05 2008 -0400

    missing "fi" in barf.in

commit e9362665b77eea9f095720f42bbed683728f1f2b
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 15 15:55:35 2008 -0400

    missing "fi" in barf.in

commit b2f9e667355d4122632672c49b96eb720bb2ba15
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 15 13:46:35 2008 -0400

    Fix uml_netjig/port.c to use FD_CLOEXEC, not F_CLOEXEC.

commit 37390ace45fa8e9bc742b23fc86aeed89035682b
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 15 13:14:54 2008 -0400

    fix two occurrences of include <crypto.h> to <klips-crypto.h>

commit c55aebdcef1bfdf9f53c9ff82986172782475938
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 15 13:02:08 2008 -0400

    Fix 3des keylength attribute sending (see bugzilla 30445) [herbert]

commit 5eccf0b21d6ad141ce1e2378c4bc94b59150cc15
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 15 12:54:03 2008 -0400

    remove "text hardcoded" list of modp groups we support in logging message

commit d91a9d0ead3623f0367e1e77583684dac19a0c86
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 15 12:46:18 2008 -0400

    Added modp2048 to the "authby=psk|rsa" default list.

commit d135c9dd35a70a7411689be82353f56d4e575cb4
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu May 15 12:42:38 2008 -0400

    Change unspecified default modp to 2048 (not sure if code ever reaches
    this point, but it should not be 1536)

commit a48ad8b8a9ca2f56d30d1bebbc61c21ea38e9803
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 14 23:04:41 2008 -0400

    Add conf-only ESP support [Herbert Xu]
    This allows "null" for the authentication (but both authentication and
    encryption may not be null)

commit c0a3ff0f505efc115507aae866c42980bf3a3b5e
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 14 12:22:56 2008 -0400

    updated CHANGES

commit 6eaed1175d8f5f579decb6dddb17e6d5047e3ddc
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 14 12:21:50 2008 -0400

    Forward patch of http://bugs.xelerance.com/view.php?id=198 [bleve]

commit 646405611379b648a7dffcdd5c9e65b322086169
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 14 12:17:33 2008 -0400

    forward port of #917

commit f4dde72bed8d7a6f6cad37ee8ddd08d48dd9c4a0
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 14 11:59:29 2008 -0400

    Added ikev2_out_attr() - currently only supports KEY_LENGTH (only known
    attribute at this time). Added support for sending and receiving this
    attribute when AES is used. Based on patch by Herbert Xu

commit c86f2bbd1e8ce323741a6b4ff18d9f1e4de84341
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 14 11:57:21 2008 -0400

    Added RFC 4306 3.3.5.  [Transform] Attribute substructure

commit 30d157401523b0a8d8f711b61cde13a518177a59
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 14 11:56:11 2008 -0400

    Added ikev2_trans_attr_descs and ikev2_trans_attr_val_descs[]

commit 7c9376e3567ebc01b161b064f2e330e2af48fef6
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 14 11:55:25 2008 -0400

    Added struct_desc ikev2_trans_attr_desc and struct ikev2_trans_attr.

commit 3515b5877350d83d06984610e510ee06500ff8ec
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 14 11:54:48 2008 -0400

    Added prototypes for ikev2_trans_attr_descs and
    ikev2_trans_attr_val_descs[]

commit 8ded3f08982d671edcf3dd9b30b5967bdfa9cf42
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 14 11:54:27 2008 -0400

    Added RFC 4306 Section 3.3.5 ikev2_trans_attr_type.

commit 9da6ffa3e022448cf0dcfa4a3103d81ca24435f4
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 13 13:30:22 2008 -0400

    updated changes

commit 793b346d86a03223e1289e5594616d8503553f4c
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 13 12:26:03 2008 -0400

    Avoid malloc(0) by doing an early abort in show_connections_status() when
    there are 0 connections loaded.

commit b3d3a51caf2ac73ff064039f285072d7f7b34d90
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 13 12:25:16 2008 -0400

    If alloc_bytes1() is called to alloc 0 bytes, change it to 1 and log a
    warning. Otherwise uclibc based systems cause an abort, due to a non-POSIX
    way of handling malloc(0)

commit 25082f5ead3e969eba31883885f966ba0e3c5a06
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 12 23:11:57 2008 -0400

    It should be MALLOC_GLIBC_COMPAT not GLIBC_COMPATIBILITY.

commit e4995f4608ed0e13017b07f8bc4bea863bcbfc07
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 12 22:39:03 2008 -0400

    replace hardcoded "gcc" with $(GCC) calls.

commit 92c080f154db8535ae1d9c353518d980ad04abef
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 12 22:38:24 2008 -0400

    Issue a warning about GLIBC_COMPATBILITY when using uclibc.

commit 7c8e4ac7ebb047275e37bc071968805c961823af
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 12 20:26:40 2008 -0400

    Fix credits (it was not the bug reporter but another user who wrote the
    patch)

commit b6184be0f009f814c7e7562e9c56e1e445755696
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 12 20:21:51 2008 -0400

    Fix for IKEv1-only policies attempting bogus IKEv2 rekeys [ruben]

commit 68a1daaf9f2f3c65728d3a641e3ace2803984cf5
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon May 12 20:21:35 2008 -0400

    Updated changes

commit fd60cbe6309f4ccf13fb0a4ff2a3e26a7ce637e3
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 7 23:20:01 2008 -0400

    Fix non-VOID_SOCK_UNREGISTER return code handling

commit 53aced7b8a63016042e7d1aa4e5afadc1c124940
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 7 19:37:24 2008 -0400

    Don't use -qv (quiet and verbose) for modprobe

commit 6beb84be59a396490546d41a4aebc6461bb3bb67
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 7 19:28:45 2008 -0400

    include linux/moduleparam.h on 2.4.x kernels.

commit a520932ebc0b41cb4ae99aa58db48d20e72b1dc9
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 7 17:55:02 2008 -0400

    Remove unused clone_str() call causing a memory leak.

commit 966839dc530b4fdcf77ef9e84431c177f6b68a2c
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue May 6 12:54:00 2008 -0400

    Added modecfgwins/modecfgdns options to man page.

commit 1973ee2e90b7c93f76b8248a62cb2a0bf3e59123
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 28 21:48:54 2008 -0400

    Changed BASEVERSION to 2.6.ikev2

commit 417d58db9fd759db499a01900304588170be72ec
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 28 12:17:03 2008 -0400

    Added ikev2_trans_attr [herbert]

commit 2f6050eb97b88597edb14a5d63e14fcd09514f93
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 28 12:15:33 2008 -0400

    Add OAKLEY_KEY_LENGTH attribute to aes key length to the sadb.

commit b7f7e530aef4419fada6c3b601ef9e8b0321e6b1
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Apr 27 16:11:00 2008 -0400

    Fix dependencies for crypto -> klips-crypto

commit 39d1ddf7fcc71652cd2546f54f33b96897f5678f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 24 19:06:39 2008 -0400

    updated changes

commit 359f43948b022e70222a61497a4f3bae4a6d0155
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 24 19:06:05 2008 -0400

    Renamed linux/include/crypto to linux/include/klips-crypto to avoid
    confusion on #include "crypto/*.h". Linux 2.6.25 changed something that
    caused us to clash with its crypto includes.

commit 6f4dedccba48822131135ed2f2b1df5f0fa94a85
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 24 14:42:03 2008 -0400

    updated changes

commit fda738753a03aea44becaa49ea058a5df6fdecba
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 24 14:41:00 2008 -0400

    Also remove c->alg_ike, as it is not used apart from one corner case
    which could not be reached (without TPM) [dhr/paul]

commit 5d469bae688850a653574cac2f8709f7d6949789
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 24 13:55:10 2008 -0400

    Remove c->alg_esp, as it is not used and causes a memory leak.

commit 2b3a845d595f2dbd44b94d76e44177799c29ed1b
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 23 09:05:50 2008 -0400

    Set CLOEXEC it to suppress SELinux avc denials on exec. Patch by
    Neil Horman (nhorman at redhat.com)

commit 5c59fea8f9f75ba5eca251965f32f4a2e10323b4
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 22 17:58:45 2008 -0400

    Changes include/socket.h to include/socketwrapper.h, and modified the
    files that include it. This to avoid confusion with sys/socket.h.

commit 4452b98c80a6fea8bd5e1e1a4b345ca41612651f
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 22 17:48:27 2008 -0400

    Added -I${OPENSWANSRCDIR}/include to uml_netjig/Makefile

commit 84f71999b3cd497cd3a76faaa7ff2559ecf0e40b
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 22 11:18:25 2008 -0400

    Socket wrapper to ensure we don't leak file descriptors. This causes
    SELinux to log svc denials. Patch by Neil Horman (nhorman at redhat.com)

commit f4a4a3d5b729662fd47fd3d51b4648ddf415262e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 21 23:38:02 2008 -0400

    Fix HAVE_DEV_HARD_HEADER #endif

commit dea281346c4c37d8612b20e317583971b50537ac
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 21 21:10:24 2008 -0400

    updated changes for 2.6.12

commit 5d2e4db3ed4310a6fd9ead0ee0042b69ef1e13ac
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 21 20:44:25 2008 -0400

    According to RFC 4307:
    
    Group Number        Bit Length            Status     Defined
    2                   1024 MODP Group       MUST-      [RFC2409]
    14                  2048 MODP Group       SHOULD+    [RFC3526]
    
    Therefore we switched to initiating using modp2048 instead of modp1536.
    Note that we already did this for RSA, but we used 1536 for PSK. This
    is related to bug:
    https://bugzilla.redhat.com/show_bug.cgi?id=441588

commit 077fc3c374b59052daa2301c46109fb8e64422ac
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 21 20:33:22 2008 -0400

    updated CHANGES

commit dedb2a4f562090dc907cdf69236872aef0965513
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 21 20:29:44 2008 -0400

    Re-apply c596d8f2bb00c7ad107ac4fa5cef7ea610beb217, which got undone by
    c2edf8669d97260fc58f9dac80f3f612437cc9f6. This re-introduced bug
    https://bugzilla.redhat.com/show_bug.cgi?id=432821

commit c9fea702a7fd16d3635e1284dece6df075f467b8
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 21 20:19:25 2008 -0400

    Herbert Xu's workaround for installing the keys in the wrong order.
    This is a workaround (not the proper solution) for
    https://bugzilla.redhat.com/show_bug.cgi?id=439771

commit 58f08c9dcc30e7a5a06c9c0100f86b33bbaa9d6a
Merge: 9b6fca0 bc492e0
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 21 13:46:22 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 9b6fca00c543d3cb0f702db0a392a9480e3eb4b3
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 21 13:43:42 2008 -0400

    merged.

commit b089de0aee09c38a3a6681ab924e997ca994f049
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 21 13:38:02 2008 -0400

    HAVE_HARD_HEADER checks added to ipsec_tunnel.c for >= 2.6.24 kernels

commit 9c75a3c7970c416518ea8bbca7a165fb4524d707
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 21 13:36:59 2008 -0400

    Define HAVE_SEQ_FILE (for 2.6.24 for now) - This kernel removed some old
    proc functions which we are still using in klips.

commit d1f187732c5273c773bfe5996968e9bd703fdc04
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 21 13:35:25 2008 -0400

    dev_get_by_name API change in 2.6.24

commit 554b0f1c4baa966b4a440054c7f2de1c4018f1a8
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 21 13:32:16 2008 -0400

    updated CHANGES

commit af6df7d55f621f446af57f1e21ee50349efb8036
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 21 13:30:38 2008 -0400

    the ikev1 continuation was segfaulting usually due to a NULL state,
    because only the first helper's continuations were cleaned up properly
    (eg. on dpd, sa expires..)
    Patch by Anthony Tong <atong at TrustedCS.com>

commit 624b66fd45f41f1d8a29fb0ad5e54dab084c3de7
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 21 13:25:08 2008 -0400

    Load ccm crypto module on startup when using netkey

commit bc492e0bb49770df4268567e9469995e38b7eebf
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Apr 20 19:52:44 2008 -0400

    include seq_file.h

commit fc74d9bb39f84a90f8b033e5c21a184521b4a3b2
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Apr 20 19:51:52 2008 -0400

    support new HAVE_DEV_HARD_HEADER

commit 3efd3b64fd3877a1dc66bd125ac5d3fcee510338
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Apr 20 19:45:28 2008 -0400

    Additions to ipsec_kversion.h for 2.6.24. Migration from old proc to
    new seq_file not yet implemented.

commit 2da05b9bee4bce77f73900810adc5f45c171608b
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Apr 20 19:38:35 2008 -0400

    macro to support __dev_get_by_name, which api changed in 2.6.24

commit 97680b74ef1721ab5b89178cda1c2846728ba0e0
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Apr 18 19:53:06 2008 -0400

    missing bracket.

commit 726f473df3233ce051e37507070453982bab7892
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Apr 18 16:09:00 2008 -0400

    Fix usage line of nhelpers to not say interval-time.

commit 4f42f186c32cef0e4dad4d9e56f986476b4ee343
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Apr 18 16:06:09 2008 -0400

    Also check for STF_TOOMUCHCRYPTO, so we can trigger 6msg exchange
    (dcookies) on incoming connections.

commit 979efbffda8fcf2a6409f44b3650b20ac4f770f5
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Apr 18 15:43:42 2008 -0400

    Fix size_t to ssize_t in rsasigkey.c

commit 01c19baf3255cd59fc48687d74e071debbcb07bb
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Apr 18 15:40:55 2008 -0400

    Removed unused variable from_len

commit ef826cb11fc3dd30607d1118a4ee181f99a10523
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Apr 18 15:39:21 2008 -0400

    Fix a gcc warning on ugh being used without initialisation

commit 4e14383e8afce89ea4d69f64c6d0f4dac5f536d9
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Apr 18 01:03:32 2008 -0400

    Added IKEv2_ENCR_AES_CCM_* defines to ietf_constants.h

commit 501d00cb6895f466bd6e03638ab71753b2e87cd0
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 17 14:45:42 2008 -0400

    update changes.

commit 8ea24db1835ad98a2125edcdf3832ffd78c20973
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 17 14:45:07 2008 -0400

    Remove ike= line that crept in by accident.

commit 963e3cf17f1e757ab51a0ff7ac5fb14217c1dcbc
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Apr 17 14:02:14 2008 -0400

    added aes-*-modp1024 group by default to responder policy db
    https://bugzilla.redhat.com/show_bug.cgi?id=439985

commit 328c2ae807b931cf2a3145067b5abfe3425e8da1
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 9 14:54:40 2008 -0400

    Added sha2.h if using USE_SHA2 to support sha2 with x.509 certs

commit 512c9e933ef13aa101bd5cde55d168b5450e63e6
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 9 14:53:59 2008 -0400

    Added OID_SHA2* values to oid.txt

commit f887b46ce40f08268da04867455d7eec50f25aeb
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 9 14:53:31 2008 -0400

    added ../../lib/libcrypto/libsha2/sha2.h to Makefile.depend

commit a0a1adf1758fe8c4bf4c1a1bb4a54901c8dbd4bf
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 9 14:53:00 2008 -0400

    Added SHA2_* digest sizes.

commit 625bc25203e61c2874736a5ab5d801705ad01a3f
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 9 14:52:10 2008 -0400

    Fix for #198 by Tuomo

commit 4cd77e636cfe531d1645a8b4214ce72b8a250754
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 17:11:39 2008 -0400

    Minor tweaks to (working) testcase

commit 5776d203cebf07edb087d2c9c44e0527818c5761
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 16:50:05 2008 -0400

    Temporarily disable all the (very slow) OE test cases, so we can run
    multiple testruns on a single day.

commit 9bbed1bd3d12f94f4497a1991ded0d775f51a514
Author: Antony Antony <antony at xelerance.com>
Date:   Tue Apr 8 10:24:58 2008 -0400

    use v2 notification names instead of v1 names for enum.
    return notify type instead of hardcoded no-proposal-chosen

commit df7e4751e258477ec231c57edf0a74c2a6fd83b8
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 03:49:40 2008 -0400

    Add ikev2 interop issues to known issues file

commit 9d88936afa2eeb83876b39459f51c51df51c1310
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 03:48:38 2008 -0400

    Updated CHANGES

commit 9d6a1daad05a9137fadd2309206dd3f4fb6cb589
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 03:30:52 2008 -0400

    Mark the problem in the west-console.txt of
    interop-ikev2-racoon-02-psk-responder, as the ping does not receive a reply

commit 5ffd3ca54f2bce101c4852edd3b6d3efce71e71d
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 03:27:34 2008 -0400

    Added console output for interop-ikev2-racoon-03-psk-initiator. There
    still seems to be an interop bug, as we have no ip xfrm state.

commit 436c22a13553afc899054176e9c479e1125517e9
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 03:23:20 2008 -0400

    Fix a rather confusing (and wrong) error message on DPD when only one of
    the two mandatory options (delay and timeout) was set.

commit 0efe4ea12e077bee046a1354ca3896827a558bee
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 03:21:05 2008 -0400

    updated test output - Parent SA now established, but ping is still lost.

commit 5f4a21287ba4112f89fb32e410932656aea0f458
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 03:18:19 2008 -0400

    the ping on west's console is lost. This is a real bug. Added a pointer
    to the "known good" output so it will correctly flag as "FAILED"

commit 49fc7093a591469923c1c98583daa46410f4df99
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 03:06:14 2008 -0400

    Added new AUTH_ALGORITHM_HMAC_SHA2_* cases to alg_info_esp_v2tov1aa.

commit 820782d1fac2ca90a025d2d49b62827368590107
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 02:55:12 2008 -0400

    change IPSEC to IPsec in description test of spec file.

commit 1269325bbae3c3deb279426c7522ef8186a0db68
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 02:49:35 2008 -0400

    Switch interop-ikev2-strongswan-03-psk-initiator from aes to 3des in the
    config for strongswan to work around the aes interop issue. aes will be a
    separate testcase.

commit 154568b1943a87728d97211f504793884ed18e52
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 02:38:28 2008 -0400

    Shorten pluto retransmit values for test known to fail and cause
    retransmits

commit a7f907c618e28cb4c492946001c85e48558bd1ea
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 02:35:28 2008 -0400

    Remove old "bogus include" test.

commit c1a5ddfa5c9c6eb46b296c89abab7617e914ba78
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 02:30:49 2008 -0400

    Starting the prf+ counter from 1 instead of 0 [herbert]

commit 7a6374e0ac34bb2501ca15f5d5630804213fdb7c
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 02:28:16 2008 -0400

    Updated spdb testcase output for new modp2048 groups

commit 57cce69422e0d0f4cc478675f36061e92af571ba
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 02:06:35 2008 -0400

    EF_FREE_WIPES is not in ElectricFence-2.2.2.

commit 6bfb9c2c81753089109c819ca50ca338a210fa39
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 01:52:07 2008 -0400

    Added missing commas

commit 506d63b98b37e32fdaaa79e82a2f7deff4537b3d
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 01:14:59 2008 -0400

    Added st_ni/st_nr clone_chunks [herbert]

commit 2640bed3b898414f8d5adf2319898c5b9a8b5b8e
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 01:10:45 2008 -0400

    601be0efaedeb69514790d28f57cdbbf6121361a did not actually change the
    enum_name's to enum_show's, it just added the warning about enum_show.

commit 600148382f4e7f36aee68582c97954657ca5add6
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 01:08:51 2008 -0400

    Changed another STF_FAIL to STF_FAIL + NO_PROPOSAL_CHOSEN

commit 00c586e001364fe3a2a56652a4f56b42a0b8fa80
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 01:03:22 2008 -0400

commit 2020ca89c13f553181329e69fab74c53ceb6e5f6
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 00:30:00 2008 -0400

    Added RFC 4868 Section 4 names.

commit 601be0efaedeb69514790d28f57cdbbf6121361a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 8 00:00:05 2008 -0400

    Use enum_show() instead of enum_name() so it prints the unmatched entry's
    number instead of (null).

commit c02e00443f3dab289c2829c5de97b821b2d1680f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 7 23:13:50 2008 -0400

    Return STF_FAIL + NO_PROPOSAL_CHOSEN, not STF_IGNORE when we receive a
    v2N message upon sending I1. Changes a few more STF_FAIL cases to use
    STF_FAIL + <reason>.

commit adafe428a62d2d53105562948f8c9bad632ab35d
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 7 22:44:08 2008 -0400

    Updated test results to show new STF_FAIL+NO_PROPOSAL_CHOSEN output
    for interop-ikev2-racoon-01-noconn and interop-ikev2-strongswan-01-noconn

commit 55489ebfec3d2029947c5b8193320ec4c47a1abc
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 7 22:21:24 2008 -0400

    Updated test output for interop-ikev2-strongswan-01-noconn

commit 84e12bed03180c177e849f8e11a94a208036eeb5
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 7 15:05:42 2008 -0400

    updated CHANGES

commit eb4ac82f66eecdc6b81e27e6e12a55e5953051eb
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Apr 7 15:04:42 2008 -0400

    Use enum_name() with ppk_name, instead of a manual switch case. bug #919

commit f23ceb9bc9d223e3fe29d6483f4d72e7de39e226
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Apr 4 03:19:20 2008 -0400

    Updated interop-ikev2-strongswan-01-noconn with the new proper output,
    now that we don't crash anymore.

commit 067b2454e39d178377d0b0dc68c1b8d308cf0a47
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Apr 4 03:02:05 2008 -0400

    Remove wrong Gr check added in previous version.

commit c5c33c0ca6c7e12fbf5b4232a55c39a754db9da4
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Apr 4 02:54:57 2008 -0400

    updated CHANGES

commit 77ea5993e46d34303fead8f751838144505ed31f
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Apr 4 02:51:12 2008 -0400

    Ensure that we don't hit the wrong STATE_UNDEFINED state machine, when
    we receive a NO_PROPOSAL_CHOSEN upon retransmit [dhr/paul/antony]

commit ab738c685350498b9878fad25c9c42a4447a6ce0
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Apr 4 00:12:28 2008 -0400

    If we don't receive a KE for our I1 packet, log the notify message and
    return STF_IGNORE. We will then retransmit via the regular method, until
    the configuration changes on one end to match the other. Returning
    STF_FAIL or STF_FATAL caused oddness to be printed in logs.

commit f2f119a4d2397b87c8b501f938977468c2cb1995
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 3 23:20:12 2008 -0400

    Added comment.

commit 67ea40ad5f529310473270899a3903bf96179e02
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Apr 3 22:36:44 2008 -0400

    Update the stfstatus_names enum list. It hadn't been updated in a long
    time, and was causing (null)'s to be printed, making debugging confusing.

commit 63e71b75662906f9b6dfb75f1077a7040b58255c
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 2 23:30:40 2008 -0400

    updated changes

commit 520e3ae7377855e7029ecbdb26af3c14f6b441b5
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 2 23:03:33 2008 -0400

    Updated output of interop-ikev2-strongswan-01-noconn. Correctly shows
    the crasher has been fixed.

commit e239a4a58767ea7e2b0e7b6c2af8aea4b0ec51d0
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 2 22:58:32 2008 -0400

    No need to run a ping - we know this conn does not come up.

commit 8040dfffb687a6c75cdaf6a2f94e795967461f2a
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 2 22:57:00 2008 -0400

    Added dummy east.secrets file so we don't get a "cp" error in the console

commit 992b17af88fb848de119aa4b380149f3abe0ae55
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 2 22:53:41 2008 -0400

    Updated testcase for interop-ikev2-racoon-05-x509-initiator. Seems to
    work now, but requires racoon2 sanitizer.

commit 9f050a7aad44840492c7e8fd60ff1149e7bc6547
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 2 22:45:32 2008 -0400

    Fixed output of interop-ikev2-racoon-03-psk-initiator. Conn seems to
    work. But we need to add a racoon2 sanitizer script for the "fixed"
    console output.

commit 9225a7e3f5a6664ec575565592aaf044b51187ad
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 2 22:38:31 2008 -0400

    Racoon also uses subnets in this test. enable them on openswan too.
    The test still fails and needs investigating.

commit 2f7724a1947031fda060633f13df0e2b78ab062b
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 2 22:24:41 2008 -0400

    updated known good test output of interop-ikev2-racoon-01-noconn

commit e339d0fe349283c82f7656c0addf54d514ffe94d
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 2 20:51:38 2008 -0400

    Added logging to v1->v2 rekey.

commit 4b97dd8e33414ba4c481f1748a7e4a5d9a7ed087
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 2 20:32:46 2008 -0400

    In ikev2_trans, isat_transid should be a u_int16_t, not a u_int8_t. This
    caused interop problems on ppc64. This is bug:
    https://bugzilla.redhat.com/show_bug.cgi?id=438826

commit 4c79289c1a543e1146998427ca332441820370ce
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 2 19:42:44 2008 -0400

    The error logging for IKE policies had flipped the bool ? foo : bar
    syntax, not logging "failed" when it was supposed to.
    Also added a few comments, and changed a '+-1' to just '-1' in
    ikev2_parse_child_sa_body

commit dbabba6d6a857cfa8a80d0b261e77338659f9fb7
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 2 19:16:02 2008 -0400

    Remove an ugly unneeded goto statement which indirectly returned NULL,
    and just return NULL.

commit 7758c9ba6e78105ec1469e15033ba3300ca0cdae
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 2 19:13:13 2008 -0400

    Don't use KMEM_CACHE, doesn't seem to work for us (KLIPS only)

commit 58f094a3d3a5c813f46c3f6652bbcc845dd8d550
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 2 15:40:52 2008 -0400

    It seems HOST_NAME_MAX vanished on Linux, so do the same sysdep.h check
    and define it to _POSIX_HOST_NAME_MAX

commit b2d672e476db2fb4acddc897e90b16a127940473
Merge: 2d38d7c bc40ec6
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 2 01:25:27 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 2d38d7ca487b187672c719f9ecd33e32699bfc58
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 2 01:24:56 2008 -0400

    It seems c5eeb44654791bac97d9484b90b6c1b666152c3b got lost in the merge,
    causing interop-ikev2-strongswan-01-noconn to fail again. It was redone

commit bc40ec692fde23ff444774a7d90ea147f364d91d
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Apr 2 00:12:55 2008 -0400

    Added two aliases to aliases.sh that Antony uses.

commit 12a4d2097052c06cbfa0ea51ec551e740946797f
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 1 23:48:54 2008 -0400

    Commented out 3 incomplete tests (x509-pluto-0[123])

commit 8d925b93365dd372e640960fc8e9382a8335d2f1
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 1 23:44:20 2008 -0400

    Add TESTNAME to the init scripts of x509-pluto-01

commit 102c8c25b25976f860bb938083963889bee2ecf0
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 1 20:29:56 2008 -0400

    Only look for a bid down attack when we use POLICY_IKEV2_PROPOSE.
    
    We cannot use POLICY_IKEV2_ALLOW, since this will cause two IKEv2
    capable but not ikev2= configured endpoints to falsely detect a
    bid down attack. The testcases (basic-pluto-01) clearly showed 60MB
    of rekeying logs, bringing down the nightly test server with all
    its ikev1 tests.
    
    Also, only the side that proposed IKEv2 can figure out there was a
    bid down attack to begin with. The side that did not propose cannot
    distinguish attack from regular ikev1 operation.

commit 859f086c89d9d82295e5641f20ffb3c1ed25c512
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 1 19:13:35 2008 -0400

    Fix the testcase name for ikev2-02-responder-send-notify in the output.

commit b6799c658eda90f94ad9c9b8543620e42da99472
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 1 18:20:16 2008 -0400

    Changed west-console to modp1536 in the biddown attack test. I am
    not sure why this ikev2 testcase ends up using 2048, while all the
    others use 1536. ("Life it seems, does have a sense of irony").
    This way it will at least be flagged as bad until we look into it.

commit 8cae65a25c50092cf13fcc9411f0c368f06b7243
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 1 17:51:42 2008 -0400

    Updated 6msg testcase with new "known good" output.

commit 6c580c329b2373383262ef6333b8122a5f1852e5
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 1 17:43:39 2008 -0400

    ikev2-05-basic-psk passes, but the wrong "good" console messages were in
    place. It also correctly uses modp1536

commit 91690baf87e49cee088e366a8459890fe8cd8a1a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 1 12:42:40 2008 -0400

    Include sysdep.h to compile on OSX.

commit a7ae2e55ab1462ef4e7aca6e576eb2b1e2e13c7a
Merge: a02986a 9ad5bd4
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Apr 1 12:40:31 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit fef7581fb3e7116ca748aa3036116db3b80b2cc8
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 31 20:33:37 2008 -0400

    First rough cut at updating docs/RELEASE-NOTES.txt

commit e9a321c01ba063a07fd88612d521f64e8377f830
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 31 11:16:02 2008 -0400

    Do not use the KMEM_CACHE macro for now, as it does not seem to work
    properly for us.

commit e059c9ecdc88f704e56d8e58e9af4eff3a3f6a93
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 27 10:09:07 2008 -0400

    Updates to debian files to make it compile on newer releases. Patch by
    Ruben Laban.

commit efd88a6c7b03a15e047fb88775dd6010238c21d1
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 26 16:11:29 2008 -0400

    Add an X.509 certificate using SHA256 for testing pluto's sha256
    capability.

commit 9ad5bd4cfe749ec28a0a97f0925870d622a02e44
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 24 16:46:57 2008 -0400

    Allow skipping the NAT-T patch using the same mechanism as for the UML patch

commit e45180ec24f9f254124b13ef398f70815f26d2df
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 24 16:14:28 2008 -0400

    Added CONFIG_CRYPTO_AES_X86_64 so that 'make check' runs properly on AMD.

commit 4f5086e440c4f36c7a61071b0a3ba7a0cb4e1024
Merge: 145e68d 4d374e0
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 24 13:48:37 2008 -0400

    Merge ../openswan.ikev2mcr_2
    
    Conflicts:
    
    	testing/lib/libpluto/.gitignore
    	testing/lib/libpluto/lib-parentR1psk/testlist.sh
    	testing/lib/libpluto/seam_rnd.c
    	testing/pluto/ikev2-01-fallback-ikev1/west-console.txt
    	testing/pluto/ikev2-01-fallback-ikev1/westinit.sh
    	testing/pluto/ikev2-02-responder-send-notify/west-console.txt

commit c40470bc2bd042319033f38b2a3f678df6d92d58
Merge: 55fff46 d75da4a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 24 13:33:02 2008 -0400

    Merge /vol/git/openswan.l2tpd into sony (which is #testing HEAD before this commit)
    
    Conflicts:
    
    	CHANGES
    	Makefile.inc
    	Makefile.ver
    	linux/net/ipsec/addrtot.c
    	linux/net/ipsec/ipsec_ah.c
    	linux/net/ipsec/ipsec_esp.c
    	linux/net/ipsec/ipsec_init.c
    	linux/net/ipsec/ipsec_mast.c
    	linux/net/ipsec/ipsec_proc.c
    	linux/net/ipsec/ipsec_radij.c
    	linux/net/ipsec/ipsec_rcv.c
    	linux/net/ipsec/ipsec_tunnel.c
    	linux/net/ipsec/ipsec_xmit.c
    	linux/net/ipsec/pfkey_v2.c
    	linux/net/ipsec/pfkey_v2_build.c
    	linux/net/ipsec/pfkey_v2_parse.c
    	linux/net/ipsec/pfkey_v2_parser.c
    	linux/net/ipsec/sysctl_net_ipsec.c
    	programs/Makefile
    	programs/_confread/ipsec.conf.5
    	programs/_confread/ipsec.conf.5.xml
    	programs/_startklips/_startklips.in
    	programs/pluto/Makefile.depend.linux
    	programs/pluto/connections.c
    	programs/pluto/ikev1_quick.c
    	programs/pluto/kernel.c
    	programs/pluto/kernel_netlink.c
    	programs/pluto/kernel_pfkey.c
    	programs/pluto/pluto.8.xml
    	programs/pluto/whack.c
    	programs/spi/spi.c
    	testing/scripts/readwriteconf-01/west-flat.conf

commit 55fff4612036b39a7f44f36474d52b17d584b6b2
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Mar 21 17:41:23 2008 -0400

    dangling xml file

commit 5d5eab7c0b0efdfc44c8015c8598ce97bc7ea114
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Mar 21 12:54:12 2008 -0400

    Fix to compile with USE_XAUTHPAM=true - patch by folti

commit 145e68dbed16d60a4a761bbcb7f80aa31e52ae8f
Merge: 38a9970 bd4d90e
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Mar 21 11:26:10 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 38a997024a3fb63b81556385f5275e41fae6fe9c
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Mar 21 11:21:47 2008 -0400

    Merging biddown

commit 3edb99748fc5697c05d1b842bab115167908e87f
Merge: ccd3501 6a81ce7
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Mar 21 11:19:25 2008 -0400

    Merge /vol/git/openswan.ikev2mcr
    
    Conflicts:
    
    	testing/lib/libpluto/.gitignore
    	testing/lib/libpluto/lib-parentR1psk/testlist.sh
    	testing/lib/libpluto/seam_rnd.c
    	testing/pluto/ikev2-01/testparams.sh
    	testing/pluto/ikev2-01/west-console.txt
    	testing/pluto/ikev2-01/westinit.sh
    	testing/pluto/ikev2-02/east-console.txt
    	testing/pluto/ikev2-02/eastinit.sh
    	testing/pluto/ikev2-02/testparams.sh
    	testing/pluto/ikev2-02/west-console.txt
    	testing/pluto/ikev2-02/westinit.sh

commit bd4d90edcbd4eaacd3ae1f1a26437e2997936e07
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Mar 21 11:12:13 2008 -0400

    commit with v2N names

commit 5e6d4cb2f13c25be481017529d90490a7ed4c4e0
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Mar 21 11:10:15 2008 -0400

    renamed parentR1i1 to parentI1i1

commit a02986a133d0226a1dddd21b8c6bc9244044397e
Merge: 3594bee ccd3501
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 20 19:03:54 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 3594bee06fffe098b4c6b0dc587011ba521db12b
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 19 14:40:29 2008 +0100

    Only define HOST_NAME_MAX when not already defined in the darwin sysdep.

commit 3ae9ab4ef3f587243deaf30e134019a50c149204
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 19 14:39:21 2008 +0100

    Only define MIN(a,b) if it is not already defined.

commit 617d7ee771958dbc51d8a373665d751c124c4721
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 19 14:38:33 2008 +0100

    OSX uses _SYS_QUEUE_H_ instead of _SYS_QUEUE_H. Check both to avoid
    redefine errors.

commit 4d374e0b5b0915b830b8c5cdf8cbf5b77ad0c32d
Merge: ccd3501 de22c08
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 16 22:02:50 2008 -0400

    Merge with #IKEv2, that includes v2.6.08/2.6.09 --- includes MODP2048 hack.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit de22c080873d2926391520eccb6cf4ed46b3bb0d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 16 21:22:41 2008 -0400

    test case for BID-DOWN attack response.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1b472152c464f7e85470a83221d52216de0f5da0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 16 21:14:10 2008 -0400

    avoid unpending phase2 SAs, if we are going to rekey with IKEv2.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit fa852b8cd42cc634657d9251acade915f23ac3af
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 16 21:10:51 2008 -0400

    update Makefile.depend.linux to include ikev2_x509.c dependencies.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 86107437b112d53a0272093da7408e851d066be7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 16 20:46:11 2008 -0400

    deal with rekey of PARENT_SA, when there are in fact no child SAs pending.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d03f2a2694e9f6a9b16f2250368b038f534dd15a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 16 20:44:23 2008 -0400

    additional debugging added to timer event routines.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d446a836b2f27768fbf5f7f6d9e12027136e933c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 16 20:43:59 2008 -0400

    an additional change to SA_ESTABLISHED()
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 79b650076ca696bac2a513554073a43d4c26a5d9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 16 20:43:24 2008 -0400

    make IS_CHILD_SA_ESTABLISHED() check for an actual child SA state.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6362994966f93f56dd7149caa31fc957ac01bdf1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 16 20:42:07 2008 -0400

    when IKEv1 notices that the remote end has sent an IKEv2 VID and we
    support IKEv2, then rekey the connection, and hope that we will get
    an IKEv2 connection.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6a81ce7dd9a5cceeb5af65fbe1a00662f914b79d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 13 17:01:34 2008 -0400

    added test case for recover from bid-down attack.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a08c1149bc24242e59b075ef3a67927f92247a23
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 13 16:56:13 2008 -0400

    In testing of ikev2-03, it was noticed that the IPsec SA (CHILD/Phase2)
    was not present on the responder.   An error in the kernel interface was
    suspected, and git bisect was used to narrow down the commit. The error
    turned out to be that the IPsec SA lifetime was not set, and new code in
    timer.c actually paid attention to the IPsec SA timeout, and so deleted the
    SA instantly.
    The solution is to properly initialize the SA lifetimes.
    These values are not negotiated as they are in IKEv1, so just take those
    values from the configuration.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 03c54cee93cf65cc38bf1b2ebbb4cec226113f1f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 13 16:41:35 2008 -0400

    rekey times are now set to proper defaults.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9e8c2511c9364aaa8b75bdeed57404eee1322a36
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Mar 13 15:53:40 2008 -0400

commit 9397575a7be3ac08e0d3ba183d27cfcaf3a7d886
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 13 11:42:32 2008 -0400

    use a vendor ID for the flag that IKEv2 is supported rather than a
    notification, as the notification does not work with older openswan.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5052db2669b8501dbe3d2b670e77f4ec80c5fec0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 13 11:41:48 2008 -0400

    switched to using a VendorID for IKEV2 notification, as this works with
    older openswan versions
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 039e9362f50d8861520808c8b3fa0f0f1eaea3b0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 13 11:10:55 2008 -0400

    added notification of capability to do IKEv2
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 557fb1b1873c9f9c59a1c15f0358cc1e681a1d89
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 13 11:10:18 2008 -0400

    test case for notification by responder that it can in fact do IKEv2.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a1c7e49ebd88ff46114c5e97e17fd41b334d3488
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 13 09:13:49 2008 -0400

    removed errant ikev1->ikev2 retry code.
    changed all timers to be settable from environment variables.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 729c457b5886bfb0bc5516a7db793748d48ac732
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 13 09:12:41 2008 -0400

    again updated fallback test case due to changes in way fallback occurs:
    we have to run the continuation regularly so that the replaced SA will
    get completed.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9f1850b37e8e53f23c9917d315b47edc2cdeb4da
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 13 09:07:20 2008 -0400

    added whackwatch debug option to keep pluto from detaching whack
    (mostly used for debugging)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 43edd7594a1d7b048192ac7744f4518540f98207
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 13 09:04:19 2008 -0400

    functional test case for IKEv2->v1 fallback
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d1ba54658a37456511be3cbd5959574d4e66e232
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 13 06:47:42 2008 -0400

    logic issue in selection of IKEv1 vs IKEv2 resolved --- if IKEv1 is
    not enabled, then we were actually choosing it.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2bf0a3e7bedf8451d78ff449d3c2a663065df78c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 13 06:46:51 2008 -0400

    when logging a failed state transition, be careful as the state structure
    may not actually have been created if the failure was in I1.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e9a610f416daaf1dd278308cd514eee5cefa55ad
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 13 00:15:40 2008 -0400

    fallback to IKEv1
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1b1f43d858eb810335913d2e59780ef139e8a9aa
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 13 00:11:21 2008 -0400

    fallback to main_I1.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ad1061924700022564a932e3053d3ce8b03d6888
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Mar 12 19:31:06 2008 -0400

    reliably send out many retransmits for I1
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit dd8b17b4c2ed797f8775dc766049fa50b6e68954
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Mar 12 19:30:37 2008 -0400

    this test case emits 6 IKEv2 packets, retransmitted.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit cc75559cdb4f0375064994620387f91623e701ea
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Mar 12 01:16:11 2008 -0400

    test case for retransmission of I2 packet.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 63fb316a5edc4010841296fc9238caed1ddadb0f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Mar 12 00:39:59 2008 -0400

    added retransmission timer and unit test cases for I1 retransmit.
    Also fixed problem with leaking tpacket on responder, and with incorrectly
    deleted event in successful state transition.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d369d964756cb9acf6c9fafa4caada16b26f80b4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Mar 12 00:34:27 2008 -0400

    adjustment of seams and results to deal with changes to retransmission code,
    and permit timer.c to be included by I1retrans.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ccd3501f4c399df5b3b27324d110f9c0b01f0752
Author: Antony Antony <antony at xelerance.com>
Date:   Tue Mar 11 01:19:27 2008 +0100

    added v2N type names

commit b5a53a7edfa5ea8190d920322914fbec37fbc3f1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 10 13:55:57 2008 -0400

    refactor handle_timer_event() to permit forcing of next timer event
    easily, regardless of time.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9440107e2ae521cd355aef01ceaf5ff6bbb60eb1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 10 13:23:07 2008 -0400

    change all unit tests to run with TZ=UTC to avoid changes in output
    when the DST value changes.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6541ff5de0876f4f436cea29a3c76d8d686b6f70
Merge: e181419 9cd2966
Author: Antony Antony <antony at xelerance.com>
Date:   Mon Mar 10 11:42:50 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit e1814191c3c60b235d3b44394865d4e4daac4be6
Author: Antony Antony <antony at xelerance.com>
Date:   Mon Mar 10 11:41:22 2008 -0400

    libtest results for 6msg send notify and send i1 with notify

commit 61b805bdd15ffc823f57a5d978d3cfc0cb887587
Merge: 759363b 014120a
Author: Antony Antony <antony at xelerance.com>
Date:   Mon Mar 10 11:34:34 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 9cd29661e8f0409dae89989c9193953375655b41
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 10 16:25:02 2008 +0100

    updated changes

commit 19c5fe3136f78265c0679de2e9f109cbe2cfa394
Merge: d51a554 014120a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 10 16:23:44 2008 +0100

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 014120abafef58a2a3fecf1323dc37756624ee54
Author: Antony Antony <antony at xelerance.com>
Date:   Mon Mar 10 16:17:56 2008 +0100

    factored outI1(mcr) and changes for 6msg exchange on initiator side

commit 449bac5887798ff169241499c97b64fbf64d61bc
Author: Antony Antony <antony at xelerance.com>
Date:   Mon Mar 10 10:59:46 2008 +0100

    updating 6msg xchange osw - osw tests

commit d51a554c3980ac7e50540716cf95a9b9651cf009
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 10 03:18:50 2008 +0100

    updated changes.

commit e88b8783d65e79d0b8cf50898d96738c2e994fa9
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 10 02:54:49 2008 +0100

    Updated changes.

commit 84ec71118c6072bc1fef4935195d5bf3c5798552
Merge: ee88180 0a7185e
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Mar 9 16:35:11 2008 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit ee881808c2193af3f6d13c8edea3eb16e8880180
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Mar 9 16:34:36 2008 -0400

    fix ping

commit 1f905c7342de6ca2b2a28a86c7233efed499df7b
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Mar 9 16:33:18 2008 -0400

    Add full charon debugging to strongswan tests.

commit 0a7185e44914717ae6712824cad3e0260eaaa92f
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Mar 9 20:42:56 2008 +0100

    Fix eastrun.sh's ping

commit 8be4f20835611c88ea324f73a5ea98a47c674d5a
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Mar 9 20:17:46 2008 +0100

    Fix ID's used on racoon with PSK to "east" and "west".

commit 4ac4532b2880981de783a7ad2a2fb23050bfb045
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Mar 9 20:09:54 2008 +0100

    Remove bogus NOTIFY log line.

commit d57199483238329204a22e2ea3f45b8bba9f2294
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Mar 9 20:06:38 2008 +0100

    Fix interop testcases with racoon to use proper vals.conf values and the
    right ping commands.

commit 9b5a964b42a93ef2a3b7d0dec9771ca772f42bfc
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Mar 9 19:27:57 2008 +0100

    force update of vals.conf

commit cd13b510423eb3c7068881b4c5888d2f2019a84a
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Mar 9 12:16:35 2008 -0400

    Fix test output, but made sure the 1536 that is supposed to be there is
    there (so this test now fails)

commit fa19f9516014d254b683a0a8c112cf0f68ad8145
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Mar 8 15:47:29 2008 +0100

    Fix for #496. kernel_alg_esp_auth_ok() returns NULL, not 0

commit 34c8dfa5aee97c06872afa9d77bc5c151ab34792
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Mar 8 15:43:20 2008 +0100

    uniqueid= patch from #testing. (by Herbert Xu?)

commit 420547de2dbcaeb8442825065d8f24b06aa35a81
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Mar 8 15:39:58 2008 +0100

    Unorienting connections should also take into account that multiple
    phase1's can exist between the same IP addresses, but on different ports,
    if NAT is involved. (patch for uniqueids=, I believe by Herbert Xu)

commit 79e517905300007ff9c0e675cefa2c3a397041ca
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Mar 8 15:21:09 2008 +0100

    removed more unused key files from interop tests with racoon

commit 2784170edf23f6e484c28ecc615c456f2a3ef962
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Mar 8 15:19:33 2008 +0100

    Updated vals.conf in racoon interop tests. Changed path to use /testing/
    keys and certs. Removed east.conf/east.secrets since they're not used.

commit 759363bd4ab325c1f59c89ca3588f3188632447c
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Mar 7 18:26:17 2008 -0500

commit 473c357f18b57e403a33e6c4f9ef276c13966354
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Mar 7 22:44:06 2008 +0100

    Fix HAVE_NEW_SKB_LINEARIZE define when CONFIG_XEN is set.

commit f1552921f2e3bc3b742d80af4b374d584ec6e17b
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Mar 7 19:46:00 2008 +0100

    If we have protostack=netkey, but we did not find a NETKEY presence,
    then do a quick modprobe to try and obtain it.
    This is caused by unloading the module on "restart", and our bias when
    nothing is found is for KLIPS, not NETKEY.
    This is https://bugzilla.redhat.com/show_bug.cgi?id=432805

commit c2edf8669d97260fc58f9dac80f3f612437cc9f6
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Mar 7 19:15:48 2008 +0100

    Fixes to bogus chars in updown scripts.

commit 098eefed14ba069783553f6e19f282245461b7a5
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Mar 7 19:12:30 2008 +0100

    Fix more bad chars in script occurrences.

commit c0c1fbf86d7fb7a2f5b53ac81dcf8666c70db484
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Mar 7 19:10:03 2008 +0100

    Fix another merged back in bogus character in the updown scripts.

commit 9a16ba3a9efbd2cb467c14f024fd0475b1538e1a
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Mar 7 18:49:02 2008 +0100

    Remove bogus <AD> character from netkey script (how did it sneak back in?)

commit 11bdc6459d4f35224f949069485db93a3683227d
Author: root <root at fc7-test1.(none)>
Date:   Thu Mar 6 14:32:01 2008 -0500

    attrs.auth is now attrs.transattrs.integ_hash

commit 64b6c81666f4b852f0bf3857c6d1bc5ef795d44a
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 14:26:30 2008 -0500

    Fix the OSX workaround for bitstomask6

commit 6942b4a637cbd326ae3d621a82173b3af335e93f
Merge: 9e10ef4 229aeba
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 15:02:35 2008 +0100

    Merge commit '229aeba' into merging
    
    Conflicts:
    
    	CHANGES

commit 9e10ef4ea517fe6b3dfac66fab46c16a9fa71d50
Merge: c3c9899 22aa5d2
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 15:00:09 2008 +0100

    Merge commit '22aa5d2' into merging

commit c3c9899205dd6e7198d09b2aa7cbbbbb543e6c3b
Merge: a13def1 1749586
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 14:59:39 2008 +0100

    Merge commit '1749586' into merging
    
    Conflicts:
    
    	programs/_updown.klips/_updown.ip2.in
    	programs/_updown.netkey/_updown.ip2.in
    	programs/_updown/_updown.in

commit a13def114aaefca9b294583b6fa93b8e3083dd45
Merge: 993aa9a c134a0e
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 14:53:31 2008 +0100

    Merge commit 'c134a0e' into merging
    
    Conflicts:
    
    	programs/pluto/ipsec_doi.c

commit 993aa9a763d9fe9b50c608dd502620ac2f8e6491
Merge: d4c3030 cd30172
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 14:47:13 2008 +0100

    Merge commit 'cd30172' into merging
    
    Conflicts:
    
    	programs/pluto/demux.c

commit d4c30309e20f5393a1684f96d90ee37b1fa48598
Merge: 3f2bed3 98c4015
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 14:41:11 2008 +0100

    Merge commit '98c4015' into merging
    
    Conflicts:
    
    	programs/pluto/kernel.c

commit 3f2bed3bc66634b33f5d6d321892bb94780d346f
Merge: 2bed440 b77287f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 13:35:18 2008 +0100

    Merge commit 'b77287f' into merging
    
    Conflicts:
    
    	CHANGES
    	programs/pluto/ikev1_quick.c

commit 2bed440fd2fb5280a588a2dfd8f348e12ba2cccc
Merge: 4cf8896 4cb3fdb
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 13:32:47 2008 +0100

    Merge commit '4cb3fdb' into merging
    
    Conflicts:
    
    	testing/pluto/TESTLIST

commit 4cf88968207fe8f25e6a56db1f1b4db5acc97c76
Merge: 4987e10 af48568
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 13:31:45 2008 +0100

    Merge commit 'af48568' into merging

commit 4987e10ab6bd6e2500aef0243f2e8d8b94adf6d6
Merge: 68e7aec f263b42
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 13:31:27 2008 +0100

    Merge commit 'f263b42' into merging
    
    Conflicts:
    
    	packaging/fedora/openswan.spec

commit 68e7aec3654f54b73a14de38e28e9eeb3273f926
Merge: 0f9ae5b c689e4c
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 13:30:34 2008 +0100

    Merge commit 'c689e4c' into merging
    
    Conflicts:
    
    	packaging/fedora/openswan.spec

commit 0f9ae5b01dc6546e2e762b613867c9747c4497cc
Merge: a3fcc9d 87a103b
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 13:28:23 2008 +0100

    Merge commit '87a103b' into merging
    
    Conflicts:
    
    	programs/pluto/kernel.h

commit a3fcc9d450dab2d4934f2a44a125dce9d5d43026
Merge: 6c48426 4d5d176
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 13:27:45 2008 +0100

    Merge commit '4d5d176' into merging
    
    Conflicts:
    
    	CHANGES
    	programs/_startklips/_startklips.in
    	programs/pluto/kernel_netlink.c

commit 6c4842630c43826382b9a5b0b87973f6c9eeb60f
Merge: cc9d586 d14f87f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 13:25:09 2008 +0100

    Merge commit 'd14f87f' into merging

commit cc9d5869c3d3e7ef1fed5811042879b13e89cfb9
Merge: af0503d 96a8150
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 13:24:05 2008 +0100

    Merge commit '96a8150' into merging
    
    Conflicts:
    
    	packaging/openwrt/Makefile
    	programs/pluto/kernel.c

commit af0503d163e1115f9bacad83736ead3abc0d6166
Merge: d707b7b 6698dcc
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 00:38:41 2008 +0100

    Merge commit '6698dcc' into merging

commit d707b7bab18ff60bf9397bb3904f877617b2e32d
Merge: 2e5c2f3 fe78923
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 00:38:22 2008 +0100

    Merge commit 'fe78923' into merging
    
    Conflicts:
    
    	programs/_updown.netkey/_updown.ip2.in
    	testing/pluto/netkey-pluto-01/westrun.sh
    	testing/pluto/netkey-pluto-02/east-console.txt
    	testing/pluto/netkey-pluto-02/east.conf
    	testing/pluto/netkey-pluto-02/eastinit.sh
    	testing/pluto/netkey-pluto-02/testparams.sh
    	testing/pluto/netkey-pluto-02/west-console.txt
    	testing/pluto/netkey-pluto-02/west.conf
    	testing/pluto/netkey-pluto-02/westinit.sh

commit 2e5c2f347befbc046a96157a485b62f0f88d6526
Merge: 2e2a426 e47a2bf
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 00:32:50 2008 +0100

    Merge commit 'e47a2bf' into merging
    
    Conflicts:
    
    	lib/libopenswan/copyright.c
    	programs/_startklips/_startklips.in
    	programs/_startnetkey/_startnetkey.in
    	programs/_updown.netkey/Makefile
    	programs/examples/Makefile

commit 2e2a42634ffbfe0ef6780a998e2c139b1120ee41
Merge: 98fedcc 8a2aac2
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 00:26:21 2008 +0100

    Merge commit '8a2aac2' into merging
    
    Conflicts:
    
    	include/pluto_constants.h
    	programs/pluto/connections.c
    	programs/pluto/whack.c

commit 98fedccb7dc3caf370be8f4d3858bfafc20b9b5a
Merge: 2e53671 8718968
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 00:21:49 2008 +0100

    Merge commit '8718968' into merging
    
    Conflicts:
    
    	programs/pluto/demux.c
    	testing/pluto/xauth-pluto-12/east.conf
    	testing/pluto/xauth-pluto-12/road.conf

commit 2e53671a7c7e545715f193a665cc897b662e2843
Merge: 8f44ec3 b96ae0a
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 00:14:34 2008 +0100

    Merge commit 'b96ae0a' into merging
    
    Conflicts:
    
    	programs/Makefile
    	programs/_updown.netkey/Makefile
    	programs/_updown.netkey/_updown.ip2.in

commit 8f44ec3e5bb34bd3bf0c200d2f98ccfa9708d6d8
Merge: 4b8b838 ac0c138
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 00:08:36 2008 +0100

    Merge commit 'ac0c138' into merging
    
    Conflicts:
    
    	Makefile.inc
    	programs/pluto/Makefile.options

commit 4b8b8389a4a6fd6c7f432897da2fa8a26a6ed393
Merge: 79edd00 d293174
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 00:06:34 2008 +0100

    Merge commit 'd293174' into merging
    
    Conflicts:
    
    	programs/_startnetkey/_startnetkey.in
    	programs/_updown.netkey/Makefile
    	programs/_updown.netkey/_updown.ip2.in
    	programs/_updown/_updown.in

commit 4ecf298148e5c3074e7ba70fa2428cce1fa32cfe
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Mar 6 00:04:07 2008 +0100

    fix modprobe call for amd-rng.ko

commit 79edd001b2aa63ec3e6ce679ff12c0020f81c5fc
Merge: b7b106d 35f22e4
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 5 23:52:51 2008 +0100

    Merge commit '35f22e4' into merging
    
    Conflicts:
    
    	programs/_startnetkey/_startnetkey.in

commit b7b106dea68b8cd991f5ea2465598228b269500a
Merge: 3b73402 662b7ec
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 5 23:49:06 2008 +0100

    Merge commit '662b7ec' into merging
    
    Conflicts:
    
    	programs/pluto/nat_traversal.c
    	testing/scripts/showhostkey-03/keys-console.txt
    	testing/scripts/showhostkey-03/keys.sh

commit 3b73402dd509fefea27296f608b609d6d6638530
Merge: 7e15f69 4e93147
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 5 23:44:30 2008 +0100

    Merge commit '4e93147' into merging

commit 7e15f6910a865292fcd383cf2d67eba7786df147
Merge: 377408b 9ffe582
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 5 23:44:10 2008 +0100

    Merge commit '9ffe582' into merging

commit 377408bee2373d602021432dc2f2984b4e8d1758
Merge: f06a184 8aeccc4
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 5 23:35:58 2008 +0100

    Merge commit '8aeccc4' into merging
    
    Conflicts:
    
    	programs/pluto/kernel_netlink.c
    	programs/pluto/kernel_pfkey.c
    	programs/pluto/kernel_pfkey.h

commit f06a184ace905c63284e66f7eafdc495ee3baf1a
Merge: 5e7ebed 8df0447
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 5 23:24:40 2008 +0100

    Merge commit '8df0447' into merging
    
    Conflicts:
    
    	linux/include/openswan/ipsec_kversion.h

commit 5e7ebedcd9a1dab63a6a1a2474685616ccba0e53
Merge: e3ef264 0f1ce28
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 5 23:21:10 2008 +0100

    Merge commit '0f1ce28' into merging
    
    Conflicts:
    
    	programs/pluto/plutomain.c

commit e3ef264813c8b5b9939698b02498f7942a4e4a09
Merge: 9ee188d 060af83
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 5 23:20:17 2008 +0100

    Merge commit '060af83' into merging

commit 9ee188d99f2cdc61e47b6c9f85cfaa1dc8ed6d72
Merge: 2a1b8ac 505d8cb
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 5 23:20:04 2008 +0100

    Merge commit '505d8cb' into merging
    
    Conflicts:
    
    	programs/pluto/kernel_netlink.c

commit 2a1b8ac8378c762898dd2e6f492ee4385ac9ebcf
Merge: ce3592e 7c6847d
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 5 23:19:04 2008 +0100

    Merge commit '7c6847d' into merging

commit ce3592e3405ee12e629fb87a7abb4696952c895f
Merge: 4f9f339 999d241
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 5 23:18:50 2008 +0100

    Merge commit '999d241' into merging
    
    Conflicts:
    
    	linux/include/openswan/ipsec_kversion.h

commit 4f9f339266669422adc17960f6c801323e227cc8
Merge: 94eeccd ba89c7e
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 5 23:17:58 2008 +0100

    Merge commit 'ba89c7e' into merging
    
    Conflicts:
    
    	linux/include/openswan/ipsec_kversion.h

commit 94eeccd4b69902eec1b463da529b0180e81f1e17
Merge: 3b4c926 131c852
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 5 23:16:11 2008 +0100

    Merge commit '131c852' into merging
    
    Conflicts:
    
    	linux/include/openswan/ipsec_kversion.h
    	programs/pluto/vendor.h

commit 3b4c92688ac4eb997a3a6240c18959dced769d92
Merge: 6b10dcf bc666c1
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 5 23:14:10 2008 +0100

    Merge commit 'bc666c1' into merging
    
    Conflicts:
    
    	linux/net/ipsec/ipsec_tunnel.c

commit 6b10dcf3a14caab64fb4aa0c13b04d38be45d11c
Merge: 71c364d 31f92cf
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 5 23:10:44 2008 +0100

    Merge commit '31f92cf' into merging

commit 71c364db6af568d679071ae29a27170a2f35363c
Merge: 5dce141 cc328bf
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 5 23:09:51 2008 +0100

    Merge commit 'cc328bf' into merging
    Removed two duplicate calls (merge artifact)
    Conflicts:
    
    	programs/pluto/ikev1_quick.c

commit 5dce1414789e8634d139b249d46f21d22c911063
Merge: 3c6fc53 8e06f66
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 5 23:06:32 2008 +0100

    Merge commit '8e06f66' into merging
    
    Conflicts:
    
    	programs/_realsetup/_realsetup.in
    	programs/examples/Makefile

commit 3c6fc53dfa7660bc09bfca46368b6569672fe031
Merge: a1214be ff1f79a
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 5 23:00:24 2008 +0100

    Merge commit 'ff1f79a' into merging

commit a1214bee5e2386c80bef354fd9ba1107aa474107
Merge: 004da3b 9baca3c
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 5 23:00:12 2008 +0100

    Merge commit '9baca3c' into merging

commit 004da3b2e65e7c7695dce5d3a8d892b4d05b6477
Merge: 2207300 3bd288d
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 5 22:59:21 2008 +0100

    Merge commit '3bd288d' into merging
    
    Conflicts:
    
    	linux/include/openswan/ipsec_kversion.h
    	packaging/fedora/openswan.spec
    	packaging/openwrt/Makefile
    	programs/_realsetup/_realsetup.in

commit 36b38f18dad64d815a530a051b454449447d4542
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Mar 5 14:13:30 2008 +0100

    Added readwriteconf-23 that tests various kinds of comment (#) placements.
    Fixed file name in readwriteconf-22

commit 22073009c0c401836a3f2c37b2813495f9b9d2d5
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 4 19:17:59 2008 +0100

    Files that were changed but not marked as updated.

commit 3e9e955872192031331391d875a123baf78c3e06
Merge: a26027c f6744d5
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 4 19:15:52 2008 +0100

    Merge commit 'f6744d5' into merging

commit a26027c8b81d25c265f5b8dcc6cdd880ab0bb233
Merge: 8eb52a2 288529a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 4 19:10:25 2008 +0100

    Merge commit '288529a' into merging
    
    Conflicts:
    
    	linux/include/openswan/ipsec_kversion.h
    	linux/net/ipsec/ipsec_init.c
    	linux/net/ipsec/ipsec_sa.c
    	linux/net/ipsec/ipsec_xmit.c
    	linux/net/ipsec/sysctl_net_ipsec.c

commit a5870ca21d1bea671f46cb5042766462de58ef54
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 4 18:29:10 2008 +0100

    Add conditional defines for s6_addr16 and s6_addr32 - OSX does not define
    these.

commit fb1511e184d76afa680b42080083967c8a845fc7
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Mar 4 18:27:24 2008 +0100

    s6_addr32 is not defined on OSX.

commit 5a978231274f50a4c02d478ea0f45ec9ff39240b
Author: Antony Antony <antony at xelerance.com>
Date:   Tue Mar 4 10:38:47 2008 -0500

    updated libtest to send out I1 after receiving v2N(C)

commit 8eb52a290dc0aaa4f3910aca11c647114b829c01
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 22:41:16 2008 +0100

    Fix merge anomaly.

commit b035f83367afb2321ca4040cf6d7a69cbe8ddbb8
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 22:40:02 2008 +0100

    Fix two more anomalies.

commit c61e14b98378836c4a95e43ef368f984b04ec442
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 22:38:43 2008 +0100

    Fix commit anomaly where file contained "<<<<"

commit a1f6c09565463ef442c242b0d2de7d58a7f25ba7
Merge: 0c7ccd9 42c7973
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 22:37:16 2008 +0100

    Merge commit '42c7973' into merging
    
    Conflicts:
    
    	programs/pluto/nat_traversal.c
    	programs/pluto/vendor.h

commit 0c7ccd9d03c4e6de53e7450dc266d5499dac919d
Merge: ac7d805 dd23aa2
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 22:34:09 2008 +0100

    Merge commit 'dd23aa2' into merging
    
    Conflicts:
    
    	programs/pluto/nat_traversal.c
    	programs/pluto/vendor.c
    	programs/pluto/vendor.h

commit ac7d805f02a6545f73262aa1dffa508b96ad8a77
Merge: 7409773 a96acad
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 22:28:53 2008 +0100

    Merge commit 'a96acad' into merging

commit 7409773b292d8f83da7d358ebcbc4eea3cc0f869
Merge: 6212e0e 0802e45
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 22:28:41 2008 +0100

    Merge commit '0802e45' into merging

commit 6212e0e86d37664bf61f2b00efbe2e85b2708ffd
Merge: 480d036 45e0103
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 22:28:26 2008 +0100

    Merge commit '45e0103' into merging
    
    Conflicts:
    
    	programs/pluto/nat_traversal.c

commit 480d036e5f59c6bcb74ce16c663ddb419eaae5a0
Merge: d313508 4a637aa
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 22:27:33 2008 +0100

    Merge commit '4a637aa' into merging
    
    Conflicts:
    
    	linux/net/ipsec/ipsec_xmit.c

commit d3135081f6e5c9770296fccad822287556ae7a00
Merge: c84b52f 9cd46a3
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 22:26:22 2008 +0100

    Merge commit '9cd46a3' into merging

commit c84b52f3c5197dd8409f45a77b24294486864bd4
Merge: 988180e 7bc2792
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 22:26:00 2008 +0100

    Merge commit '7bc2792' into merging
    
    Conflicts:
    
    	linux/net/ipsec/ipsec_tunnel.c

commit 988180e9f9a23df91d588504fa332a58677f1e59
Merge: b9451d8 07b9991
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 22:23:08 2008 +0100

    Merge commit '07b9991' into merging

commit b9451d888215e7dc3430eb8cec738e876879bffd
Merge: 52e38a2 9123ff8
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 22:22:53 2008 +0100

    Merge commit '9123ff8' into merging
    
    Conflicts:
    
    	testing/klips/saref-alloc-01/saref-console.txt
    	testing/pluto/transport-03/east.conf
    	testing/pluto/transport-03/west.conf

commit 52e38a2dcbe04bb9f227aebf49277332da8fb386
Merge: 7abc18e 92299a7
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 22:20:11 2008 +0100

    Merge commit '92299a7' into merging

commit 7abc18ecdca85c7a073b318a339c6a9421c309b3
Merge: 412d927 2985a81
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 22:19:58 2008 +0100

    Merge commit '2985a81' into merging
    
    Conflicts:
    
    	testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common

commit 412d9271750b526a295ebb5a03a1b786d54f981b
Merge: 09481ff 002ef2b
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 22:17:57 2008 +0100

    Merge commit '002ef2b' into merging

commit 09481ff82b0b2eca1639eefbe963543b129eb84b
Merge: bcd2c31 47e1291
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 22:17:33 2008 +0100

    Merge commit '47e1291' into merging
    
    Conflicts:
    
    	include/ietf_constants.h
    	include/ipsecconf/keywords.h
    	include/names_constant.h
    	include/packet.h
    	include/pluto_constants.h
    	lib/libopenswan/constants.c
    	lib/libopenswan/packet.c
    	lib/libpluto/Makefile
    	programs/pluto/Makefile
    	programs/pluto/demux.c
    	programs/pluto/ikev1.h
    	programs/pluto/ikev1_main.c
    	programs/pluto/ikev2.h
    	programs/pluto/ikev2_child.c
    	programs/pluto/ikev2_parent.c
    	programs/pluto/ipsec_doi.c
    	programs/pluto/ipsec_doi.h
    	programs/pluto/spdb.c
    	programs/pluto/spdb.h
    	programs/pluto/spdb_print.c
    	programs/pluto/spdb_struct.c
    	programs/pluto/spdb_v2_struct.c
    	programs/pluto/state.c
    	programs/pluto/state.h
    	programs/pluto/vendor.c
    	programs/pluto/vendor.h
    	testing/lib/libpluto/.gitignore
    	testing/lib/libpluto/FLAGS.parentI1
    	testing/lib/libpluto/FLAGS.spdbv2
    	testing/lib/libpluto/Makefile
    	testing/lib/libpluto/OUTPUT.parentI1.txt
    	testing/lib/libpluto/OUTPUT.spdbv2.txt
    	testing/lib/libpluto/TESTLIST
    	testing/lib/libpluto/parentI1.c
    	testing/lib/libpluto/seam_demux.c
    	testing/lib/libpluto/seam_ikev1.c
    	testing/lib/libpluto/seam_pending.c
    	testing/lib/libpluto/seam_rnd.c
    	testing/lib/libpluto/seam_spdb.c
    	testing/lib/libpluto/seam_x509.c
    	testing/lib/libpluto/spdbfirst.c
    	testing/lib/libpluto/spdbv2.c
    	testing/lib/libpluto/whackmsgtest.c
    	testing/lib/libpluto/whackmsgtestlib.c
    	testing/scripts/TESTLIST
    	testing/scripts/readwriteconf-03/east-flat.conf
    	testing/scripts/readwriteconf-19/east-flat.conf
    	testing/scripts/readwriteconf-20/west-flat.conf

commit bcd2c315ef07cd6c807488fc166275aedfbdfe1d
Merge: eb8590b 6abc588
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 21:57:14 2008 +0100

    Merge commit '6abc588' into merging
    
    Conflicts:
    
    	programs/ikeping/ikeping.c

commit eb8590b503caeddbfac5d2269202434978adb448
Merge: 986984f 27024b9
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 21:55:13 2008 +0100

    Merge commit '27024b9' into merging

commit 986984f2095d8a877242784e502a3719f56dc450
Merge: 1a02b6c e50689d
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 21:54:47 2008 +0100

    Merge commit 'e50689d' into merging
    
    Conflicts:
    
    	programs/ikeping/ikeping.c

commit 1a02b6c7ecc171fde9dfc72a45a8ff280c9815ba
Merge: 236ea16 5f468ca
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 21:53:07 2008 +0100

    Merge commit '5f468ca' into merging

commit 236ea16de07ee52c7d2f8e94f85a14ea668da8d4
Merge: a0ecbb1 b443c04
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 21:52:41 2008 +0100

    Merge commit 'b443c04' into merging
    
    Conflicts:
    
    	testing/scripts/showhostkey-03/keys-console.txt
    	testing/scripts/showhostkey-03/keys.sh

commit a0ecbb1b5888935dfc272cd872b8d2c766018d08
Merge: b0e855f 89d1b1d
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 21:47:00 2008 +0100

    Merge commit '89d1b1d' into merging

commit b0e855f6e2ce7629cbb8abdf9a80fde6d489ae71
Merge: 47c47f8 7d8b813
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 21:46:25 2008 +0100

    Merge commit '7d8b813' into merging
    
    Conflicts:
    
    	programs/pluto/ikev1_quick.c
    	testing/utils/functions.sh

commit 47c47f8bb0dde854f812462afcc1efb8239a0cfd
Merge: d951d81 45fc11c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 21:30:17 2008 +0100

    Merge commit '45fc11c' into merging

commit d951d814a6e637694eb84b5c9464abf1fdc947a5
Merge: 61798e4 e6693fb
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 21:29:08 2008 +0100

    Merge commit 'e6693fb' into merging

commit 61798e421f97e23af08c25bf57ab974ea6cdfbcd
Merge: 202e951 f2e7b4d
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 21:26:12 2008 +0100

    Merge commit 'f2e7b4d' into merging
    
    Conflicts:
    
    	testing/pluto/fail-x509-07/eastinit.sh
    	testing/pluto/fail-x509-08/eastinit.sh
    	testing/scripts/showhostkey-01/keys-console.txt

commit 202e951909bee9278f0ca7d848d4a00c8a9dcc4d
Merge: e5cf76a 105316e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 21:24:20 2008 +0100

    Merge commit '105316e' into merging
    
    Conflicts:
    
    	testing/baseconfigs/east/etc/ipsec.secrets
    	testing/baseconfigs/north/etc/ipsec.secrets
    	testing/baseconfigs/west/etc/ipsec.secrets
    	testing/klips/saref-alloc-01/saref-console.txt

commit e5cf76a5d4d33818f1c0676d53d40c6d17f1fee3
Merge: ecbc038 a776d5a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 21:21:06 2008 +0100

    Merge commit 'a776d5a' into merging

commit ecbc038953621c088e29e3bdd6ec75833cfa79d6
Merge: bd4bbad add7d5e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 21:20:47 2008 +0100

    Merge commit 'add7d5e' into merging

commit bd4bbad4bd0b7047bfac10da20cde586ece25cd5
Merge: 7e20d3d c07436b
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 21:20:31 2008 +0100

    Merge commit 'c07436b' into merging
    
    Conflicts:
    
    	Makefile.inc

commit 7e20d3dec787a08a19293daa873d583f8628cd6f
Merge: 12da422 0c2b36b
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 21:19:59 2008 +0100

    Merge commit '0c2b36b' into merging

commit 12da4228a740ef765c9f94e32fbd635d26b56e67
Merge: cd4ddf4 3b8a2a7
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 21:19:46 2008 +0100

    Merge commit '3b8a2a7' into merging

commit cd4ddf41ec9b5adae038d46dce6c42612116a21f
Merge: 77a9ab4 e0b7749
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 21:19:22 2008 +0100

    Merge commit 'e0b7749' into merging
    
    Conflicts:
    
    	testing/lib/libpluto/Makefile

commit 77a9ab47053c71dd29f7282d2bb1bb347c00c9a5
Merge: 08e5997 0f2d143
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 21:18:11 2008 +0100

    Merge commit '0f2d143' into merging

commit 08e5997e96df6a49ba643dc87fe613e1a105f207
Merge: 6d0bbfe df46260
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 21:17:59 2008 +0100

    Merge commit 'df46260' into merging

commit 6d0bbfe4437a02936cda3dea8b04f8afbc79e0f9
Merge: ca73c97 b4db345
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 21:17:50 2008 +0100

    Merge commit 'b4db345' into merging

commit ca73c977326a8360b111af56edb4c3912a0ef563
Merge: a0c4de6 f6d3db5
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 21:17:37 2008 +0100

    Merge commit 'f6d3db5' into merging
    
    Conflicts:
    
    	testing/pluto/xauth-pluto-03/road-console.txt
    	testing/pluto/xauth-pluto-10/road-console.txt
    	testing/pluto/xauth-pluto-11/road-console.txt

commit a0c4de622a8b2cb52bd9f6edf1615ba7d63efe2d
Merge: d3e600c d24ee3c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 21:16:15 2008 +0100

    Merge commit 'd24ee3c' into merging
    
    Conflicts:
    
    	testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common
    	testing/baseconfigs/north/etc/ipsec.conf
    	testing/lib/libpluto/Makefile
    	testing/pluto/fail-x509-07/east.conf
    	testing/pluto/fail-x509-08/east.conf
    	testing/scripts/conf-multinet-01/ipsec-flat.conf
    	testing/scripts/readwriteconf-01/west-flat.conf
    	testing/scripts/readwriteconf-02/east-flat.conf
    	testing/scripts/readwriteconf-04/west-flat.conf
    	testing/scripts/readwriteconf-05/east-flat.conf
    	testing/scripts/readwriteconf-07/transport-flat.conf
    	testing/scripts/readwriteconf-10/road-flat.conf
    	testing/scripts/readwriteconf-16/east-flat.conf

commit d3e600cdab0ae3fb76d81f7cc77cb34d6d6115eb
Merge: dcfb4fb d63640a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 20:58:56 2008 +0100

    Merge commit 'd63640a' into merging
    
    Conflicts:
    
    	testing/baseconfigs/genx509keys.sh
    	testing/baseconfigs/north/etc/ipsec.conf

commit dcfb4fb5dee01898439d76f44ce2f19da8d3d6d4
Merge: aa54099 d1ec235
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 20:55:34 2008 +0100

    Merge commit 'd1ec235' into merging

commit aa5409979ee085310feffaa241d695e3ab1c77e1
Merge: b862ca6 0500a7b
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 20:55:22 2008 +0100

    Merge commit '0500a7b' into merging
    
    Conflicts:
    
    	testing/pluto/fail-x509-06/description.txt
    	testing/pluto/fail-x509-07/description.txt
    	testing/pluto/fail-x509-08/description.txt
    	testing/pluto/x509-pluto-03/description.txt

commit b862ca6ed2787165e72bceb3395c36da7a6c88ab
Merge: 48426d2 16aa4ea
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 20:53:42 2008 +0100

    Merge commit '16aa4ea' into merging
    
    Conflicts:
    
    	testing/baseconfigs/east/etc/ipsec.d/private/east.req
    	testing/baseconfigs/north/etc/ipsec.d/private/north.req
    	testing/baseconfigs/west/etc/ipsec.d/private/west.req

commit 48426d2708f0dbdb33e863dfff2becc1a8fc9f4f
Merge: c4700b5 2e6467d
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 20:50:20 2008 +0100

    Merge commit '2e6467d' into merging
    
    Conflicts:
    
    	testing/pluto/aggr-pluto-03/north.conf
    	testing/pluto/fail-x509-02/east.conf
    	testing/pluto/fail-x509-02/north.conf
    	testing/pluto/fail-x509-10/east.conf
    	testing/pluto/fail-x509-10/north.conf

commit c4700b5917141d483c4bba1da8aab4fa29ab9a82
Merge: e61009a b704170
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 20:38:15 2008 +0100

    Merge commit 'b704170' into merging

commit e61009a98ca0ee5610e1c308120c84ec84436d0f
Merge: 8391bd1 79879f8
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 20:37:39 2008 +0100

    Merge commit '79879f8' into merging

commit 8391bd15c4637a2ca7a50ff18e61d2a31ab6c4d7
Merge: 016e21e 2f14e96
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 20:36:04 2008 +0100

    Merge commit '2f14e96' into merging
    
    Conflicts:
    
    	testing/x509/dist_certs

commit 229aeba7d8352b6627d9c214024565b06877c139
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 18:55:45 2008 +0100

    Grr. left in an old '

commit adf968d5b313392309004b36af2d2975b42a82b7
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 18:41:20 2008 +0100

    different versions of ip -o route get give different output. Use sed to
    match

commit 90948e116fce513ff55f4217d63445d20e34299f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 18:17:12 2008 +0100

    Pick the device name, not the IP address, from the routing table.

commit f28e9c59c31ebe6a0e683ccf36bbb415bde367d2
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Mar 3 13:16:58 2008 +0100

    Instead of routing via PLUTO_INTERFACE, determine the proper interface
    from the routing table using "ip -o route get $PLUTO_PEER". Patch by
    Tuomo.

commit da1457d477439be553d015e7570059da16cb4213
Author: Antony Antony <antony at xelerance.com>
Date:   Sun Mar 2 07:31:49 2008 -0500

    fixed sending v2N payload

commit c72d2174e3856bf34a5a1894a2b4da59b833b888
Author: Antony Antony <antony at xelerance.com>
Date:   Sun Mar 2 05:59:18 2008 -0500

    make the spi size in v2N cookie payload zero

commit a29d11ca5b2e903f19293b0ee76140e14f547e78
Author: Antony Antony <antony at xelerance.com>
Date:   Sat Mar 1 19:17:52 2008 -0500

    test ship_v2N

commit b6fab4cb8b3f9b5c0a262ad83981d48913872118
Author: Antony Antony <antony at xelerance.com>
Date:   Sat Mar 1 11:44:04 2008 -0500

    going to factor out send_notification

commit 016e21e1f2b47c92bac6ab8a72372d2314925817
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 29 14:19:25 2008 -0500

    cleaning send notify code

commit 730ff2789d91f8e7a94636b14916521c4d9e1837
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 29 11:07:47 2008 -0500

    prettify the 6msg exchange code

commit 1a76b6261509961267dfcfd4f85c0fa1dbf58245
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 29 08:11:31 2008 -0500

    verify the dcookie in the re-send(with cookie) I1 packet

commit f686a4eb944b7652210d0fbc4aef27d3f05c2724
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 29 06:41:13 2008 -0500

    added reserved to Protocol IDs

commit 8c7da82d742e5902aeaf01e266ca6e5f4cb2fcea
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 29 06:19:52 2008 -0500

    added ikev2_notify to union payload

commit 4f1b4c4046bff30baf3a8af7e324dfa7809f17d8
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 29 06:11:52 2008 -0500

    put a dummy to ST_FAIL when initiator receives a v2N DOS COOKIE

commit 2c13e1f0c4d983099b98f9c17e54e1c2e68b9554
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 29 05:55:46 2008 -0500

    exported force_busy

commit e4835697c5d91fe209d46c01a7567e57bd7a96a3
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Feb 28 20:29:58 2008 -0500

    disabled forced_busy now

commit d44f27660f65135c83910007a340ce00f27bdf58
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Feb 28 20:15:22 2008 -0500

    added extra files

commit 71730ee4847c33b85e64f8f2804d26b5d6ccc891
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Feb 28 20:15:00 2008 -0500

    I1 in notify with dcookie out. not a real R1.

commit 427634859dc8d574137e9522fe6191da454ee908
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Feb 28 20:11:40 2008 -0500

    we can send Notify packet as a receiver.

commit a238a3f6a806157b68be2169a66658cd116ffe46
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Feb 28 19:18:25 2008 -0500

    fixing send notify

commit c0a94d5e9bde832118c91b7a77c9ec54ea40f476
Merge: a6c5bf4 5068eac
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Feb 28 12:00:27 2008 -0500

    Merge branch 'master' into 6msg

commit 5068eac6d8ce52e6829962c7549e56f4a45175ef
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Feb 28 12:00:06 2008 -0500

    change the order dh proposals I1 default to modp1536 and R1 will accept all

commit a6c5bf44c4342ee6e2cc1bd271a6ea7ebc64ada4
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Feb 28 11:59:09 2008 -0500

commit b9bfdd3b2fd95d7fe0b8fa00169b998d1b72d215
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Feb 28 10:27:38 2008 -0500

    working sending notification

commit 4d04cf6452495d7152ec80957e28edf8432ffef6
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 28 02:17:27 2008 +0100

    updated CHANGES

commit 22aa5d20410ecb0ced59313f143440036a7f53b7
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 28 02:16:37 2008 +0100

    Quick date change to prevent the xml file from being newer.

commit 0b7a549307111b42d7ca49b2a77bb5e75fcb0b4f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 28 01:52:53 2008 +0100

    Added netlink_shunt_eroute() - This fixes the issue where no passthrough
    routes (or other shunt eroutes) were installed on netkey as ip xfrm
    policies.

commit c91c6fbe1ebaf26ecf65d151ffa440f1a9d3e07a
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 27 21:58:23 2008 +0100

    Fix _updown.netkey to use ROUTE instead of ROUTING variable. Update to
    XML page.

commit 29ef40e4b7f485711ef3b3650871c1e803c6b050
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Feb 27 11:13:36 2008 -0500

    added definitions for v2 notify packet

commit 1712c7b9701edf0850a7a95e17f90abda64a205c
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 27 11:03:11 2008 +0100

    Fix to updown when ROUTING is not set.

commit af3cf3d3ec04304d636c759a6634c5dc27e64332
Author: Antony Antony <antony at xelerance.com>
Date:   Tue Feb 26 19:50:06 2008 -0500

    working on 6 message

commit f47a674302fc3f6e25eb1c26fabbf93204c93ab3
Merge: 43b6013 b12ac25
Author: Antony Antony <antony at xelerance.com>
Date:   Tue Feb 26 08:12:18 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 43b6013b7355fa8f574b69cc20234ab3e7a013c7
Merge: a68c317 b12ac25 e98e76c
Author: Antony Antony <antony at xelerance.com>
Date:   Tue Feb 26 06:24:08 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2
    git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit bd2713bec537ed6493c1e5d4ead99624e8cc27d9
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 26 12:08:22 2008 +0100

    remove trailing ; in contrib/scripts/look

commit 4f4befcf90270261ece739dee88bb5af2d48823e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 25 21:23:59 2008 +0100

    Update to leftupdown= man page with Tuomo's example use.

commit 1749586ef9d2c51d4404aaf54afe563015377b6f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 25 21:14:03 2008 +0100

    Newer version of _updown.netkey by Tuomo Soini

commit e98e76c57001cc9141fa942f480f48970b9fa4a3
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 25 20:55:14 2008 +0100

    Fixes to struct ikev2_notify

commit 6d3bbcda8b4e2d0c5ac9dbc7f9043e74285c9c54
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 25 20:32:49 2008 +0100

    Added struct ikev2_notify to packet.h

commit 671260527d481dec7815a08b73153b6887e0c161
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 25 14:53:44 2008 +0100

    Added aggr-pluto-04-cookies testcase.

commit db461ea72b31ac8126e19b909e37e4b5ad09527a
Merge: a0e4ff7 c596d8f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 25 14:40:32 2008 +0100

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit a0e4ff7c44eedb40d30a9359c89bb1b6ef04c6bb
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 25 14:01:05 2008 +0100

    Added --force_busy option and force_busy keyword. This boolean will
    be used for forcing pluto into "Denial of Service attack" mode, and
    will cause pluto to use the IKEv2 6 message exchange and IKEv1 cookies
    in Aggressive Mode.

commit 4dd644c7cb0180e599e1debd17bf26b253249ac8
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 25 13:57:53 2008 +0100

    Move definition of HOST_NAME_MAX into sysdep.h in case it is unset,
    instead of hardcoding it in different places (myid.c rcv_whack.c).
    OSX uses _POSIX_HOST_NAME_MAX. Added it also to win32 sysdep.h, because
    I cannot test whether it needed it (no win32 machines available)

commit 846a5d8071b58a62b34e5ffd4045e2b549f299f4
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 25 13:24:21 2008 +0100

    Add testcase for 6msg exchange in IKEv2.

commit c596d8f2bb00c7ad107ac4fa5cef7ea610beb217
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 24 17:20:36 2008 -0500

    Do not delete routes in prepare-client, these were only used to clear
    routes before installing new KLIPS routes (eg for when pluto crashed).
    This is causing the leftsourceip=/rightsourceip= setting to be deleted
    again.

commit 73cfa57b468f38d9ca2397a06a4c2e9380ca4453
Merge: 1575143 dbff31a
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 24 17:13:42 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 1575143862d1501271d8c27eb6e9e7a73d3abd94
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 24 17:12:05 2008 -0500

    Added testcase for Tuomo's "ip route add unreachable sub/net

commit 4fd99f87cd38493c24e2d469728d02f63d34cb7a
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 24 22:00:12 2008 +0100

    Remove bogus chars in _updown.klips too

commit cc00711131cad4b0af1c3c849841e961f6471649
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 24 21:59:06 2008 +0100

    Remove bogus chars in the _updown version too

commit dbff31ab34c9a16f79dead3e5a090885f08db768
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 24 21:57:44 2008 +0100

    Remove bogus chars in the _updown version too

commit bfae247e650e926561fa3ee1bf9ad6e725297acb
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 24 21:56:53 2008 +0100

    Remove bogus chars in the _updown.klips version too

commit 369b6249756f111533b797061f91a6b5808b1c8d
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 24 21:50:39 2008 +0100

    Removed bogus hyphenation chars from updown script.

commit 6c2aaab9daf41da079072fb1b7914782f5856358
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 24 21:49:40 2008 +0100

    Removed bogus non-ascii chars. Somehow some software did some weird
    hyphenation on this file.

commit 3a82f8abd040053986446c2a37943c31794683ad
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 24 21:29:51 2008 +0100

    updated netkey-pluto-03-sourceip to use ip range not on other interfaces

commit d314c000c9fe700e3475cf31d286aa84acc15121
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 24 17:38:49 2008 +0100

    Use "ip route replace" instead of "ip route change". the former also works
    if there is nothing to update (eg it turns into "ip route add")

commit 768b17d6917ca3d6b328373af99cac5fb1dc9d41
Merge: 161de5d cd25a67
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 24 17:14:25 2008 +0100

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit cd25a67601b08bc651779d2c5e7963ad31926cf9
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 24 11:12:21 2008 -0500

    Updates to ikev2-05-basic-psk and ikev2-x509-01

commit 9bbabc63fba6a42d12fef2f83d722588e9bf76aa
Author: Antony Antony <antony at xelerance.com>
Date:   Sun Feb 24 11:11:58 2008 -0500

    Added netkey-pluto-03-sourceip to investigate a bug reported by RedHat:
    https://bugzilla.redhat.com/show_bug.cgi?id=432821

commit 161de5dfd73e4d4e87e4013106e6d5945639bff1
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 24 16:50:40 2008 +0100

    Pass testname to the kernel cmdline= if available. This allows for taking
    action within the host (eg based on shell aliases, to assist manual runs)

commit b15c15c2a47e6ed33145f9f41ab663602f7f3539
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 24 16:34:39 2008 +0100

    Added westnet-eastnet-sourceip for netkey-pluto-03-sourceip

commit 8e117057918355be69a3c3e70a14455cfd01ba51
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Feb 23 13:26:36 2008 -0500

    Added *.secrets to testcase (instead of loading a lot more certs).
    Fixed init.sh scripts.

commit a2a0d1d133949435a5ff66eb4b70a6b8c5341600
Merge: 19fc2c7 e74f5dd
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Feb 23 09:46:25 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit e74f5dd5235275e1845cd0b3b6a13b19075817d3
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Feb 23 12:21:40 2008 +0100

    Use the new local scripts

commit 19fc2c7f20ceb7e00fae53559125874f822123ee
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 22 13:24:35 2008 -0500

    Use new nlocal.sh files so we don't copy old keys into our setup

commit 1b3fb5f45670346e98c0f42a4fd55e8bf4fc76d8
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 22 13:12:19 2008 -0500

    Committed proper output of successful test for ikev2-04-basic-x509.
    Also undid accidental commit of pluto logs in /var/tmp.

commit b12ac2572be805b72cb707f083c824421c3eb86e
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 22 12:26:20 2008 -0500

    Made note in description this is the PKIX out of bound test.

commit 7e5e2c211cfa9b176b20e1b1b309aced6be349b9
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 22 12:25:09 2008 -0500

    load the right certificate for ikev2-04-basic-x509

commit f1933c7d5715f681a7a0fb6e864058dd8a224268
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 22 17:18:07 2008 +0100

    Put back older versions of linux kernel headers for netlink.

commit b5fa5eb1033ee3b73f7121a8ba3e593be21f8226
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 22 14:47:31 2008 +0100

    Always use XFRM_MSG_UPDPOLICY instead of XFRM_MSG_NEWPOLICY. This avoids
    errors on roadwarriors switching between internal IP's and reconnecting,
    where NETKEY says a policy already exists (possibly because we do not
    properly delete the policy when we delete the phase1, and the XP clients
    delete their phase1 after 1 minute of idle time)

commit a68c3173b3456a771863e7980295882cbe901a21
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 22 05:12:42 2008 -0500

    interop: child and parent SA established. need to check if the tunnel is correct.

commit 8810f9c481e4ce0520ccf8514caac0e0529cb6db
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 21 18:27:50 2008 -0500

    Updates to ikev2-04-basic-x509. Does certificates from disk (out of
    band PKIX). RSA sig error?

commit e465116e0be8352ce01495eff1fd8c51908ca387
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 21 18:19:02 2008 -0500

    Added eastnlocal.sh, like westnlocal.sh which copies not appends,
    the ipsec configs

commit acacb0a869d8f3bb1a9644958ed29a8f0fb7285f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 21 17:01:44 2008 -0500

    Marked new console output of ikev2-05-basic-psk as good.

commit 43bc1d6c053bc1a21f051b6f8001203fef12c978
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 21 20:28:19 2008 +0100

    updated TESTLIST

commit 789df9f7671187dd420dcc277f70590ba63eb9c2
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 21 20:19:23 2008 +0100

    Renamed remaining interop-ikev2-* tests to be more descriptive.

commit 4f4e6ae93dbfd5a345534cb46475913a16b8dcee
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 21 20:02:21 2008 +0100

    Renamed the racoon-01 and strongswan-01 interop tests to *-noconn

commit 22f66f652a85f02b21dc2b7ca3f199b18f069f35
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 21 19:57:56 2008 +0100

    Renamed the ikev2-0* tests to be both numerical in order, and have a more
    informative name. All output modified accordingly, so tests should not
    fail. Added missing ikev2-algo-02-modp2048-responder

commit 8a58712c894a2b4723f83da37112e17b66ed5df2
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 21 19:32:08 2008 +0100

    Added phase1-expire-01-reconnect-klips and
    phase1-expire-02-reconnect-netkey to try and trigger bug #888 emulating XP

commit 1df205083d733104f4e57295cc03827a48e55488
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 21 10:38:52 2008 -0500

commit 8e96c8e346234ddd11a645a61c9a933baff19a1a
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 21 10:21:35 2008 -0500

    undid the cp -a, and chmod instead. otherwise we get out-of-uml uids.

commit d92b8d4570238710ed4a2d8eb9f842f6c3c127d1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 21 10:08:48 2008 -0500

      need a destination for copy in westnlocal.sh
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 77514246bb4886203a8ee6209dcea233b9f0d15a
Merge: 3df50ef afcf1ec
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 21 10:07:23 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 3df50efa14ed742097cfeefb30ac665aea6376f9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 21 10:06:52 2008 -0500

    copy/overwrite secret rather than appending to it.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit afcf1ec4942fcb54c7a8a40e583601efb5a19546
Merge: 004dfb0 93450b7
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 21 09:55:17 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 004dfb0e0b633112c934105e518d527c6516691b
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 21 09:54:13 2008 -0500

    copy the racoon configs using cp -a, so spmd.pwd does not become world
    readable (racoon2 refuses to run)

commit 93450b774fd138ff3eda99a79913e910605645cb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 21 09:24:53 2008 -0500

    added missing #
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9ce71705fc33ac5d1ddee60a6143dcd36b3ec5cf
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 21 06:26:59 2008 -0500

    fix strongswan config to add debug and use auto=, else starter will
    never load or run the conn.

commit ad52cac9d25fa81673b8e9208f66448cf5d34597
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 20 13:50:48 2008 -0500

    Start of X.509 test with strongswan (interop-ikev2-strongswan-04). Still
    has a problem loading the conn on strongswan (but logging is really
    awful with charon)

commit 73174d932c9a48f4266c3fc5aa6c2a7bcbfd1b04
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 20 12:27:16 2008 -0500

    Updated test results for interop-ikev2-strongswan-03. This shows an
    interop problem between openswan and strongswan when strongswan is the
    initiator.

commit 0a7713efccc84f9f5bed5c5b18148149eda16d36
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 20 10:19:33 2008 -0500

    updated interop-ikev2-strongswan-02. Shows PSK interop with strongswan
    where openswan is the initiator.

commit 1ca4e603f1cbf18dae435d957800f745a0df2ebd
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 20 08:57:39 2008 -0500

    westlocal.sh should also not have an empty if statement

commit f8d8529d446456060a06fc5b134dec5cd916dc8e
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 20 08:37:15 2008 -0500

    testparams.sh is not sourced by eastlocal.sh, so we need to set
    EAST_USERLAND= in eastinit.sh.

commit e5914fefc252d9ac04ba5bfe9b5e04f85b298c17
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 20 14:17:32 2008 +0100

    Use "ip route replace" instead of "ip route change", since replace will
    do "add" if there was no route. Also removed bogus check on ipsecX
    interfaces.

commit c134a0e02eabfc6f9031cc5f3a8fb8a9c1419421
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 20 12:27:21 2008 +0100

    updated CHANGES

commit 8f88fe04af048978a51f3348c03c5bc443e06b20
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 20 12:24:40 2008 +0100

    Second part of Herbert Xu's patch that was left uncommitted in the tree.

commit 30e7dce33b9f5d2fa5aa9f77664acf05daa2e20c
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 20 12:21:21 2008 +0100

    Delete states belonging to interfaces that got removed. Patch by Tilman
    Baumann

commit 7f2c9e1110b1b4070e37b8bd23d7ceb2c2b68618
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 20 11:28:25 2008 +0100

    Added ipsec look script for use with NETKEY in contrib. Written by
    Matteo Vitturi

commit 4035d9249bb57a44e24e36ed1013e0ea292aa3c9
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 19 17:07:23 2008 -0500

    shell doesn't like if clause with just comments.

commit 2af46251ace2ccb8af9bc4af313136575102268d
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 19 21:57:36 2008 +0100

    Removed /tmp/doesnotexist*.conf test include.

commit 540ee39d029a4958c14e49cf67b00ac1cb1c25a1
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 19 17:53:21 2008 +0100

    disable OE per default. point to more examples.

commit 2422cb37c410131bf8bb78a0e5d87673be96a193
Merge: 3f993b9 9ba91c7
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 19 11:08:16 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 3f993b90a211d1be243e008af3a9be12ef24532c
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 19 11:00:05 2008 -0500

    updated interop-ikev2-strongswan-01 to use new eastlocal.sh

commit 937b8c7ecdbd93d81da77d089d90b93197a3bd40
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 19 10:58:28 2008 -0500

    updated eastlocal.sh and westlocal.sh to support WEST_USERLAND= and
    EAST_USERLAND= options. Currently supported "strongswan", "racoon2".
    Everything else leads to the old behaviour (pluto/openswan)

commit 12e8a9dc3e4599f072713b9f663a2023aa45d16e
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 19 10:25:04 2008 -0500

    Fix missing "echo done" in the *init.sh scripts on interop tests.

commit 466da432c84db65ffc1e82d7238ac6c1e71d6d13
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 19 10:11:02 2008 -0500

    fix missing echo done in interop-ikev2-strongswan-01

commit 77db1cd6e8b032f8578a111358e742e545fa80ff
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 18 23:19:05 2008 +0100

    Fix for inline built for ipsec_alg.c

commit 9ba91c7592e021bf8586129bf69e8a65028947be
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 18 22:55:52 2008 +0100

    Added testcase for testing all "config setup" options (readwrite-22)

commit 38fd12dfce369d9c221f09a2a0f5716495d14eb8
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 18 22:51:40 2008 +0100

    Fixes to readwriteconf-21

commit cd30172c7c6085e7ab07abe483b3867eccd7da9a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 18 22:17:05 2008 +0100

    updated changes.

commit 52f872629faac96ea408716b0d10b9358e75ee63
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 18 22:15:47 2008 +0100

    Fix for bug #460 by Herbert Xu. From the bug entry:
    
    When main mode I2->R2 is delayed for crypto, it may pick up a bogus
    ISAKMP header when resuming. This is because reply_buffer is global
    and another transaction could've used it in the time being.
    
    So we simply generate the header in main_inI2_outR2_tail instead of
    process_packet for this case.

commit 98c4015349fbbb983c23c970de096177157535b9
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 18 17:38:45 2008 +0100

    Added two comments.

commit 84fa8e0e5f6cd1e65db2036b93d913618f28ca9e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 18 14:32:03 2008 +0100

    Updated pluto/linux26/* includes required for NETKEY. These are taken from
    the Linux kernel includes.

commit 0239d2c4af94e0ee66e2783ab8a2bd1efb4dbfbd
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 17 23:41:53 2008 +0100

    Add description for bad-nexthop-01 test (to be written later)

commit fb9a71ae579a664390905f9532f55ce374770893
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 17 22:02:24 2008 +0100

    updated testlist.

commit 99a0e1560aecf36bb3359827df8f44acdc9ddf9e
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 17 21:16:35 2008 +0100

    Added algo-pluto-09, which tests bug 892 (dropping compression=yes when
    specifying esp=)

commit fff61ae8bd8f565eb69c2e138619c14aee14577d
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 17 21:14:57 2008 +0100

    Fix TESTNAME

commit b77287faa42792a654acb7a0310608446c54a345
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 17 20:42:48 2008 +0100

    #897/731: crash in alg_info_snprint() - patch by "Deep Throat"

commit ccc0a912e590dc429cf328761fd8828b9651141b
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 17 20:32:36 2008 +0100

    Increase buffer for proposals (some people pick large sets)

commit b6c487e3072b1356c7dbd952ca11f60cc2c00686
Merge: c4ac278 39c3db7
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 17 20:00:39 2008 +0100

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit c4ac27817687a23d13b39aa2341a9147945b1066
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Feb 17 19:44:51 2008 +0100

    Test for bug #897 (insanely big ike= line crasher)

commit 39c3db74dd782d1ead836210ac96eb13bf74e8dd
Merge: 28b5b13 a1841dd
Author: Antony Antony <antony at xelerance.com>
Date:   Sat Feb 16 19:00:25 2008 -0500

    Merge branch 'origin'

commit 28b5b135bc49c8f9b35a1d6ea6f3a7388f3e2612
Author: Antony Antony <antony at xelerance.com>
Date:   Sat Feb 16 05:09:34 2008 -0500

    added new kernel tree for umlnetkey, netkey26. and create a start-netkey with it.

commit a1841dd091bcca1efdcc11fd2241ebdd55ff0dc3
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 15 16:53:28 2008 -0500

    strongswan-01 testfiles. I don't see the notify from strongswan now, which
    means that the crasher is not happening either.

commit e3ef9e557cb0cee3f6c3d7589225771406fac9f9
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 15 22:36:37 2008 +0100

    strongswan-01 interop testcases - should show crasher

commit dd5477f08b645c3f4e275723027d198878e1cc13
Merge: 6e19709 48f167a
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 15 16:28:12 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 48f167a2d735212c0f7cad6ebc1170dd1dafa083
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 15 15:47:16 2008 -0500

    Various updates to testing scripts on racoon interop tests.

commit 889c093aa24dd35f23ce4922badef9da700fb015
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 15 13:32:42 2008 -0500

    updated versions of final.sh. Still gets cut off though.

commit c9869789b05b230ab671ff6dcdc6006046f6c852
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 15 13:31:04 2008 -0500

    preliminary test results for interop-ikev2-racoon-03

commit 6313f40e6d78a412c1b8cc99d73f1dc4d1ab4f1b
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 15 12:53:34 2008 -0500

    change psk to x509 configuration for racoon5 test.

commit 1953d7cea8399c029b20ca29c20ecef732e50ae9
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 15 12:52:47 2008 -0500

    racoon's spmd refuses to run unless /var/run/racoon2 is mode 700

commit 6e19709e55f3ef9fc917272c05faebf98754e509
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 15 11:11:37 2008 -0500

    added a new kernel target in the plain tree; linux-netkey. linux-netkey support netkey. It can be used for strongswan test.
    	modified:   testing/utils/make-uml.sh

commit 8ffb321d1157150d8f3058c3fdcc6729aae5ef22
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 15 10:10:48 2008 -0500

    Added missing spmd.pwd in racoon-02 test.

commit b99b93f600a36b76b11e21535ec4a4dcae3a51f0
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 14 19:46:47 2008 -0500

    Updated output. Since Racoon also does not seem to appear to send a
    NOTIFY when it has no valid conns, it does not trigger bug #890.

commit 6eb7e0009db1b7c10702a04be42968c29337840d
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 14 19:40:20 2008 -0500

    copy racoon configs to proper place in eastinit.sh

commit 82bf96304145dfbf7112f8680cec583d8ed2d8b2
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Feb 14 19:28:44 2008 -0500

    tunnel_ike.conf files for X.509 (do not work - racoon is broken)

commit 03767d03e96a207eb0b13500787e5bc5c10bc249
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 14 19:07:45 2008 -0500

    updated interop-ikev2-racoon-05 testfiles

commit 44c9ec5c24f79fe3814fbd8a51dac5644f622f7f
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Feb 14 18:37:04 2008 -0500

    Fixes for pluto/racoon scripts for interop-ikev2-racoon-04

commit 26b8defad61331deab720c4e56d276bf13df5752
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 14 18:25:08 2008 -0500

    update TESTLIST

commit c861c3376cff43bea8f9ed4055a80ab7bd018a6b
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Feb 14 17:03:14 2008 -0500

    Fixes to testparams and check for racoon in final.sh

commit 3d9372bffeb2170687fc47b10109874759b18f16
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 14 22:29:58 2008 +0100

    Fix where a call to kernel_alg_esp_auth_ok() needed to check for NULL.
    It's a bit weird, but kernel_alg_esp_auth_ok returns NULL on ok, and
    "bad auth" on failure, which is counter intuitive.
    This is bug #496, patch by gernot

commit 969080d84d76fa0368a68a45696098303e7c7459
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Feb 14 15:47:59 2008 -0500

    Fix typo in ip xfrm command.

commit 90cf4659e2648215b19591ec30501a6c14b5cc78
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 14 15:46:44 2008 -0500

    Fix final.sh to display racoon instead of pluto information if that is
    in use.

commit e718d486b73067401db9de2e4a9b89560104db68
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 14 15:16:37 2008 -0500

    Create /var/run/racoon2, because it's created as tmpfs mount, and racoon2
    is not as clever as openswan

commit 33099b907c6df0c6041acd93843770322f1a14d9
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Feb 14 15:09:32 2008 -0500

    change ownership

commit 2ac40b7112182cc9e0d1d2564164667b42b3c29a
Merge: 1a2b0fa 2766e47
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 14 14:59:41 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 1a2b0fa95c43f6d9848ba666fffebd74ec1899f3
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 14 14:58:50 2008 -0500

    Various fixes to path names for racoon configs.

commit e9139bd0448a157d03bb47d60c59d38295615d93
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 14 14:08:17 2008 -0500

    Fix paths in racoon configs for interop-ikev2-racoon-03

commit de452d110bec26abfcc0ceb9d99b5b34a061b4ce
Author: root <root at cyclops.xelerance.com>
Date:   Thu Feb 14 13:56:47 2008 -0500

    Updated interop-ikev2-racoon-02 with expected screen output. Put in markers
    since interop fails.

commit 2766e47e06b4377c8a13de40b98106cb304a55f0
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 14 18:50:52 2008 +0100

    Updated copyrights

commit 9005d8ef7cc368f4834a8e5af96bb4f8b8b5b207
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 14 14:46:26 2008 +0100

    removed the whack command that enabled too much debug (private all). It's
    too difficult to handle with the nightly changed certs etc.

commit f8f9a4c676ed665083c7dc16dd0b7bff1f187544
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Feb 13 19:19:50 2008 -0500

    preliminary output for netkey-pluto-02
    (needs a rerun with proper certificates to remove some errors)

commit 68a81c9a7f3932697e9ac9b3eba37aca3d58d2b6
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 13 19:04:54 2008 -0500

    Preliminary "right" output of testresult netkey-pluto-01

commit 50d12326395fa1fb79fa7c91c5105c072951b643
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 14 00:51:05 2008 +0100

    Added racoon PSK interop tests analogue to the strongswan ones.

commit 868a8f61272b2ed6bcf6e00d23d25cf7d80b3fcb
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 14 00:27:27 2008 +0100

    Build the start-netkey.sh as well as the start.sh script. This currently
    uses a hardcoded /home/build/linux-netkey. This is not too much of a
    problem because unlike KLIPS, we don't need to rebuild NETKEY for
    each nightly run.

commit b375da12be41cf4476b3bf744cf0eaf8840b7486
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Feb 14 00:03:37 2008 +0100

    minor changes to netkey tests.

commit 20f143a91cc6bb8b791e2ba6f6eceebc72304825
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 13 23:47:49 2008 +0100

    Added support for WEST_NETKEY=true

commit 12905838d4e8733da16f88960feb0344840d1a9d
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 13 19:11:45 2008 +0100

    fix PSK to not include \n

commit 40f756500898aec3443dd18ed4ae0c6c5ad53a8c
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 13 18:58:49 2008 +0100

    added racoon PSK config that is known to work into the testcases. The
    east init/start/run scripts need updating for racoon still.
    This case also fails due to the \m mishandling of racoon2.

commit e477fd6cd86a720199e324668713b6acae5ead2c
Merge: 11c8f82 90a8551
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 13 18:36:12 2008 +0100

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 11c8f825033a87c1e884e3a60b0edb5b1826e110
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 13 18:09:37 2008 +0100

commit 90a855197793c2e702d5cea6ea8c547cc7459d09
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Feb 13 12:07:19 2008 -0500

    added support for netkey

commit 92473ac4d9139673b3e77b584e19c20448532113
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Feb 13 12:06:27 2008 -0500

    added 26netkey .config

commit 8bb1f820bd3b143c9bec167bbf349b3a936c293a
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 13 18:00:43 2008 +0100

    Configure netkey for older tests that are dependent on netkey, since we now
    support netkey.

commit 5abef5321291791cef077bcccb353db33db6bb1c
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 13 17:52:07 2008 +0100

    Added testcases for interop with strongswan. These use the new netkey
    based uml kernel.

commit eb94c396a44e329f52485b776a4703bcc4aba220
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 13 17:13:36 2008 +0100

    Reworked the testcase for receiving V2N when expecting R1 to use
    strongswan with the NETKEY uml kernel.

commit 40917669abd04d850c96edeee778f614362093f1
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 12 18:01:11 2008 +0100

    Fix error message when neither KLIPS nor NETKEY was available,
    and it wrongly stated both were available.

commit b9eac405d3d0f7432a3f833462b6c4d4913531e6
Author: Antony Antony <antony at xelerance.com>
Date:   Sat Feb 9 14:03:49 2008 -0500

    fixed logging of dh_tranform match

commit 82da6bbc3101acf02f5cd8df1f4e5fbaa51ff658
Author: Antony Antony <antony at xelerance.com>
Date:   Sat Feb 9 09:01:37 2008 -0500

    added 2048 groups for rsa

commit 59b87d2dacb558a91aa7dcb448c3237a41fca7b1
Author: Antony Antony <antony at xelerance.com>
Date:   Sat Feb 9 08:52:42 2008 -0500

    added remaining modp2048 groups for aes,3des sha1, md5 for PSK

commit 3913e502e5f2c280467f91360d4d7cf37099bf42
Author: Antony Antony <antony at xelerance.com>
Date:   Sat Feb 9 08:41:10 2008 -0500

    added 2048 aes sha1 to psk policy database.

commit a2eece089c806b54ecc2d0f4636542202d433fc7
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 8 18:20:25 2008 +0100

    Added ikev2-algo-01 testcase, which shows the interop issue of openswan
    not setting its own dh= in its proposals and ending up with
    NO_PROPOSAL_CHOSEN.

commit 1332c42c896fa868b275905cb11114682df6ef01
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 8 17:42:00 2008 +0100

    updated CHANGES

commit fa10313214113e4263196eb4d879e64626023ef6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Feb 8 10:28:18 2008 -0500

    changed fake PSK size to 20 bytes.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4bdab35010598d522830677f42095584451c313b
Merge: 795f106 1c210b1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Feb 8 10:28:02 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 795f1065b6d90b7710901dc40c95184ec5a05f89
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Feb 8 10:13:45 2008 -0500

    unto changing defaults, this is not going to fix anything.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6253546ca31ec0625a4779020785a9e47492ed4b
Merge: d395012 df33f91
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Feb 8 10:11:54 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit d39501273f0a74582f200ba35aa627a7cbc60837
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Feb 8 10:09:36 2008 -0500

    adjusted seams so that all tests compile, and reviewed output.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1c210b106c6b696c92675eadbfb9c5ad83beaec4
Merge: d594281 fdfbf1e
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 8 09:21:33 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit d594281ace7f8a6b0083f9f406d6d8df9dbd8c4f
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 8 09:20:23 2008 -0500

    comment cleanup

commit 4eef517045dab75665f7ca655a5fc6c793c160ad
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 8 09:17:13 2008 -0500

    cleanup of log messages & remove todo comments

commit fdfbf1e49e7933c0624309c83b2ceb0e22ad0620
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 8 14:33:01 2008 +0100

    Updated CHANGES

commit 17178edad81d56c6dc9c24880012aa1c3b7f4c55
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 8 14:15:42 2008 +0100

    Don't include the \0 in the "Key Pad for IKEv2". This caused our inner
    prf() problems.

commit 0e2a33fc5b6032d1289aba5d701b2ed51a11dd75
Merge: bc41639 88dc2ae
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 7 22:49:51 2008 -0500

    Merge with 88dc2ae9924c5baaa00543f70ac018a6bbf1ded2
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit bc41639d2966c08f753bdd0245b424945d040466
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 7 22:22:19 2008 -0500

    updated R2 tests with results of certificate thinking process report.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 35bcc6f5cdac12efe72beb85bc20e07970d4bb54
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 7 22:21:26 2008 -0500

    fixed unit tests to compile without -DNO_X509_SEAM
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3ff9f8901ace8d4246126fa50ea45a03910454ad
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 7 22:09:23 2008 -0500

    redo certload hack so that it respects rootdir.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5b866220961dc462a1853cb18e5a70b4d31ad31d
Merge: b21b9da c8b01ed
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 7 22:08:57 2008 -0500

    Merge with c8b01edc5ceedb3c99d4ae6642d58726d2069832
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b21b9daa109ac29dc179934ce8fda7c6e88c0fda
Merge: b0f0c1a 9026487
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 7 21:31:21 2008 -0500

    Merge with 9026487064a4a7b266eb93a97010b3c3ba754bef
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b0f0c1a8eb6f7a053bff8fe41de0347cc67d0a02
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 7 21:21:12 2008 -0500

    updated test cases to run after introduction of ikev2_x509.c
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e3a6cdbc75e333414893ffcdb08489b5766f9243
Merge: 0f98c40 ba22e7c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 7 20:53:47 2008 -0500

    Merge with ba22e7c52925da113bf56bc19d662faad54a8905
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0f98c403bae5eb1ec93f38f66adca6cb45224940
Merge: c7ac4f9 2ade153
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 7 18:39:24 2008 -0500

    Merge with 2ade153bca934ec9e928a60d05878549b95105f7
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c7ac4f952182fbc3edf03f4c5a6bb34fd22a9bee
Merge: 9fb5f08 2f4fd1a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 7 18:31:51 2008 -0500

    Merge with 2f4fd1a07fa3ce18fedc9d7c854d8e6ab45b115f

commit 9fb5f08a9c32fb0caafe2ba3b83c5e999f07d643
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 7 18:28:22 2008 -0500

    minor changes to test output to match re-transmission changes.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c68967ee68f16d1ef5ca17a065767d40597b2162
Merge: eedf4e2 70377b5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 7 17:26:48 2008 -0500

    Merge with v2.6.04
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 07fe93209759e3dc2893b9f95776a86551938291
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Thu Feb 7 16:03:11 2008 -0500

    Adjust to match output with IKEv2ALLOW policy addition

commit 79b061f47d5a5bbdebcf00c75101f78328fcc3a1
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Thu Feb 7 16:02:57 2008 -0500

    Adjust to match output with IKEv2ALLOW policy addition

commit abbfe940ece15d428c429f1097f774dccb301950
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Thu Feb 7 16:02:31 2008 -0500

    Adjust to match output with IKEv2ALLOW policy addition

commit 532368ce99e2febaebd59e2f28b267f9f402eed7
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Thu Feb 7 16:02:14 2008 -0500

    Adjust to match output with IKEv2ALLOW policy addition

commit 5695f425000ddc690b2a7d3ed383df17e3d61fe7
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Thu Feb 7 16:01:46 2008 -0500

    Adjust to match output with IKEv2ALLOW policy addition

commit 96412255c41994c55f910ef6e3fdfe47e2f8d3c7
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Thu Feb 7 16:01:17 2008 -0500

    Adjust to match output with IKEv2ALLOW policy addition

commit 72fa6732dffc5a9ee70cf20e9c24f28a4ec2e033
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Thu Feb 7 15:54:35 2008 -0500

    Adjust to match output with IKEv2ALLOW policy addition

commit c6441f8221da5c7ec86679094be7b7ff116a4081
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Thu Feb 7 15:53:07 2008 -0500

    Adjust output to match new kernel interface log line

commit eedf4e2bf4d07c23e2e2d9a6adc82e1d9ce766ba
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 7 15:26:30 2008 -0500

    added debugging of bucket number that is used for some operations
    to help identify when things were in wrong hash buckets.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c2c0bbdd89929de463ecefe901f4e37078e2c7b0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 7 15:25:55 2008 -0500

    moved creation of icookie outside of initialize_new_state(), as it is also
    used on responder. This worked before, because the responder was setting its
    responder cookie later on, and rehashing things, but since that change has
    been deferred until I2 has been verified, this doesn't work.
    Unit tests worked because the random numbers were fixed, so things just happened
    to work.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f03bf01d6c28d52bbe1e189e7928c41632bdc2f0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 7 15:23:18 2008 -0500

    make some minor progress towards sending notifications on errors.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit abcdd44c0f04fd7eebb2dccb4146ccdddefc2f96
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 7 15:21:42 2008 -0500

    updated with minor debug changes to state routines to deal with delay
    on responder for updating responder cookie. (state was hashed wrong)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4cd7782ef99d2f82c91c9bdedf3fa51accc87a36
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 6 23:00:05 2008 -0500

    be slightly more robust in finding parent SA.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ca9689146d87cb3d6d3ac2a76edf072426fde3ff
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 6 22:59:06 2008 -0500

    must update parent SA lastrecv value rather than child value.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 13678c0be7d4c04f3d9fc9fa0076bc2a7efb6220
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 6 22:58:25 2008 -0500

    use %0p to get leading zeros, to make sanify operation easier.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f45532eae841ab5ac5d8c6407a8806c581877423
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 6 22:57:30 2008 -0500

    test case for receiving duplicates on responder, in R2
    	- need to keep received counter up to date on "parent"
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 18acbb8e3bc33025e2d8bc64de593e624137a253
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 6 21:20:09 2008 -0500

    additional files for I2 duplicate test.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit bdbb0e9952a381cf79ac575204bb72e193274ede
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 6 21:18:30 2008 -0500

    missing file necessary for un-even nonce calculation.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ce9d230dd0f38d4830b363fc044d545cf48d5b13
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 6 21:16:55 2008 -0500

    parentI2 duplicate test case --- receive multiple R1 packets.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit df33f9149eb439f4c28b2141d3099d02fb60735e
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 6 23:35:29 2008 +0100

    Removed wrongly placed passert()

commit 8ae3a498fa6e999ceb50864c1b330c3d7004aa4e
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 6 15:05:56 2008 +0100

    if no group is defined, pick OAKLEY_GROUP_MODP2048 instead of 1536 to
    avoid interop issues with improper implementations not respecting our
    1536 proposal.

commit 7fd9c6ab4cde649515e676a58ab310a7e3a5818c
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 6 02:31:59 2008 +0100

    Bumped the default_ike_groups to include MODP2048 and remove MODP1024.
    This should work around the problem of other implementations not
    implementing DH 128 bit (as they are supposed to do). This happens with
    racoon and strongswan.

commit c97290832af6e1738b58e351332672a8d37d0658
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 6 01:59:02 2008 +0100

    Added a passert(pbs != NULL) to accept_KE(). This happened when no Gr
    was received, and we blindly tried to continue.

commit c5eeb44654791bac97d9484b90b6c1b666152c3b
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 6 01:57:13 2008 +0100

    Fixed a crasher where remote did not send us a Gr in the R1 packet. This
    happens when we propose AES 0 byte encryption, and the remote sends us
    a notify.

commit 1fbc96017f3c73632cea0fe64d22ddbd317b53cf
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Feb 6 01:30:36 2008 +0100

    Added ike-algo-02 testcase that shows trying to use 0 byte AES.

commit b705bedfe0d0b300516c7ee6c62f004d76b5dcec
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 5 21:17:50 2008 +0100

    Don't try to set from_state too early, since some failure modes do not
    have a valid st->state. This fixes the crasher when we are responder,
    but have no connections loaded at all.

commit b62d183b2edbd10594025fab31af757c5c29aaad
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 5 14:10:58 2008 +0100

    Various fixes and additions to X509 testcases.

commit fd892ac334cde08c304d74dc24e2f8a57e02de05
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 5 14:10:30 2008 +0100

    Use strictcrlpolicy=yes instead of using plutoopts

commit d129d2ca25804012fdf40cd4bb097472501e8e4c
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 5 13:54:23 2008 +0100

    updated TESTLIST for x509-fail-* tests.

commit 3b69f74537cbbad9c38a36870395a3713e0bd346
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 5 13:39:17 2008 +0100

    Added note to this test - it's probably obsolete for fail-x509-02

commit 89cba6a8c57e66e585ce089031d480ed82e6623e
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 5 13:36:18 2008 +0100

    Added north-east-x509-fail-base to ipsec.conf.common.

commit 055258016b39723e066dfbfb6d525fdcd92c231c
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 5 13:35:10 2008 +0100

    Changed fail-x509-* configs to use an also= to make it easier to read
    the configs, and limit the repeated config parameters across tests.

commit 30b2d74633cea8af057f60f54a23f67a2c5e16ba
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 5 13:34:28 2008 +0100

    implemented test fail-x509-07

commit 16f6b6341c6a45f6fccfcfc01ed8073aec777d35
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Feb 5 13:34:14 2008 +0100

    implemented fail-x509-08

commit 88dc2ae9924c5baaa00543f70ac018a6bbf1ded2
Merge: 6bd1bd5 f8494e1
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 4 19:22:49 2008 +0100

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 6bd1bd5be8c2a3fcfad33494eec9964fc2539528
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 4 18:47:23 2008 +0100

    Fixes to fail-x509-01

commit 34cb64a5b6911506e7f01d3bd15de44af5b5c938
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 4 18:46:54 2008 +0100

    Actually implemented fail-x509-02 (expired cert)

commit 5b3b15f008be4fbc874267ffb97a279a748584da
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 4 18:36:25 2008 +0100

    Fix DN for north.

commit 593a59402c01bdd5c6a1afe55cc5e0b1af8e4f14
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 4 18:33:42 2008 +0100

    Actually created files for testcase fail-x509-01 to test revoked cert

commit c35c562f2eb7617a52c803110b5d534b56f1ad34
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 4 18:21:33 2008 +0100

    Added ikev2-x509-02 which tests an X.509 configuration without setting
    any ID or CA or CERTREQ sending explicitly.

commit 184333b79abb6081ce504fbf9f280cfb19a6686a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 4 18:20:03 2008 +0100

    make sure remote end certificate does not exist and cannot be loaded from
    disk.

commit af1699ff70287d924d5bc4938eb20059ec8aadd2
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 4 18:12:40 2008 +0100

    Replaced FreeS/WAN with Openswan in comments in the conf files in testing

commit d431289d72e5ff78fc756be374bcd5649d40107e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 4 18:05:53 2008 +0100

    fix description of ikev2-04

commit 637b01434358cc2cdc028e9ff346599669f83478
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 4 18:04:31 2008 +0100

    update description for ikev2-01

commit 5d4e95ced0753c068d48539bab82dd62e2b6424c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 4 18:02:54 2008 +0100

    Fix TESTNAME for ikev2-05

commit 2ef035d4c15c2ccab952261139ccae40e25310ec
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 4 18:00:34 2008 +0100

    clarified desc in testcase.

commit cc142af268d4e2c17e7394ff9637b8a338dc69a0
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 4 17:57:08 2008 +0100

    Minor changes to debug log messages.

commit f8494e18ffa93caef252fe6135e108dc9bbe668a
Author: Antony Antony <antony at xelerance.com>
Date:   Mon Feb 4 06:53:42 2008 -0500

    with certreq sending and receiving.

commit 3f7fddaa93d52c87ce67fd989c147303ab908b2b
Author: Antony Antony <antony at xelerance.com>
Date:   Mon Feb 4 06:42:24 2008 -0500

    added seam for v2 decode cert and certreq

commit 383a43efff117055cdb908e20225c59ab575a2cd
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 4 12:12:25 2008 +0100

    Use ifindex instead of iflink for VLAN devices (by Craig at remex.com.au)

commit b1e109370a4484c1a44b2cf480424ceb9ec6a643
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Feb 4 12:09:01 2008 +0100

    Patch by KOVACS Krisztian <hidden at balabit.hu> to handle 802.1q devices
    properly by using ifindex instead of iflink. The latter is not set for
    VLAN devices.

commit baa940f01c1a8368eb8bd6ddfd631d0d73caa502
Author: Antony Antony <antony at xelerance.com>
Date:   Sun Feb 3 12:42:40 2008 -0500

    remove duplicate rightca

commit b91b80c90e2f235277f1d7d7f29cfa72d5fdc144
Author: Antony Antony <antony at xelerance.com>
Date:   Sun Feb 3 08:55:20 2008 -0500

    tested CERTREQ, sending in I2 packet.

commit b34fe8b10b4c35d5a8157c3dc44a210588766edb
Author: Antony Antony <antony at xelerance.com>
Date:   Sat Feb 2 23:16:39 2008 -0500

    process CERTREQ payload

commit 111b14726c775cd396e48d13587f92e594a1d79f
Author: Antony Antony <antony at xelerance.com>
Date:   Sat Feb 2 21:10:30 2008 -0500

    with CERTREQ

commit 2a338722de1546c8a677e6fd65b3e7d32d55e59f
Author: Antony Antony <antony at xelerance.com>
Date:   Sat Feb 2 21:04:10 2008 -0500

commit 17b3b7d41b47649b5bdf8289d15963f8e4f20438
Merge: 7f798b8 6bd5e23
Author: Antony Antony <antony at xelerance.com>
Date:   Sat Feb 2 19:29:28 2008 -0500

    Merge commit 'hal/master'

commit 6bd5e23d90f0d6352b87e7740fee8d2cf9320765
Author: Antony Antony <antony at xelerance.com>
Date:   Sun Feb 3 01:01:53 2008 +0100

    working on send certreq

commit 275b909df5e162cd26685148f8a22847e38b7556
Author: Antony Antony <antony at xelerance.com>
Date:   Sun Feb 3 01:01:09 2008 +0100

    bit more formatting

commit a1be648faaafd10873ca8e3919f940502c07bd55
Author: Antony Antony <antony at xelerance.com>
Date:   Sun Feb 3 00:59:53 2008 +0100

    added bit more error message and include<errno.h>.

commit 45f0742f9618617b38bb87547c3ed86186b17377
Author: Antony Antony <antony at xelerance.com>
Date:   Sun Feb 3 00:58:46 2008 +0100

    uncomment ikev2_certificate_req_desc

commit 7f798b8997759c408ff9716316344e9e62c4a9bd
Author: Antony Antony <antony at xelerance.com>
Date:   Sat Feb 2 08:22:06 2008 -0500

    added tcpdump output too

commit 88d29586ba9224cbf3255f808418dc80cf48c6ee
Merge: 04f31d8 7e54179
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 1 20:22:41 2008 -0500

    Merge branch 'ikev2' of git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/

commit 7e54179193612b6e2f0741c92a4e3ac369647645
Author: Antony Antony <antony at xelerance.com>
Date:   Sat Feb 2 02:21:53 2008 +0100

    working on send_certreq

commit 04f31d8c3fc943641d5cf77e4046970fcd1a3738
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 1 20:08:48 2008 -0500

    changed pcap input buffer and save packet buffer size to 9000 bytes

commit b5d61f54a865219448d6dd365e3213f6ef5f83c1
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 1 20:07:04 2008 -0500

     results for I2 & R2 x509 tests. note this need up pcap output buf size.
     I set to 9000 byte. packet size is more than 1500 bytes

commit 696c5c5d6e54a1aa403536780d6e45b99f7493cd
Author: Antony Antony <antony at xelerance.com>
Date:   Sat Feb 2 00:55:47 2008 +0100

    bit of a code cleanup

commit 2208f4d34a5cd0f5f8e5b3a21cdaa124e20b14f4
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 1 18:21:11 2008 -0500

    cleaning up the test

commit c8b01edc5ceedb3c99d4ae6642d58726d2069832
Merge: 1123454 d8d5c40
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 1 11:23:59 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 1123454e12491f0c39f1cc6a5ae5bd7e684c2521
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 1 11:23:24 2008 -0500

    removed old certificates

commit d8d5c40ce29f2c0b4ed03590442c452ee92e3136
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 1 17:14:57 2008 +0100

    Modified testcase to known working instance of X.509 to test IKEv2 CERT.
    The required settings indicate X.509 bugs that need fixing.

commit b7af6e858d501beb1d33cfd5884ad29a2a599a5c
Merge: f964a35 0b8ac07
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 1 09:37:09 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit f964a353edbb94c1b2cb5ac10c95ef15a152a074
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 1 09:36:45 2008 -0500

    1024 bit

commit 75f1ff8ce73e27bde47f2d2d8c20a1447a98e7f0
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 1 09:33:16 2008 -0500

    tested R2 and I2 state to send and receive CERT.

commit 0b8ac07660aaee59299dcf2134f6da64e860be1d
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 1 14:21:03 2008 +0100

    touch is not always in /usr/bin/

commit 069f2b73e82df2c763e8fb562a2b76be6b621e2b
Merge: c714067 39faa92
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 1 14:10:24 2008 +0100

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit c714067ccd7e3549ab25b2a14883207c00ef1d4a
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 1 14:09:50 2008 +0100

    Copy the X.509 generated files into the baseconfigs/all/ directories, but
    also copy CAcert,cert,key to east and west for the X.509 tests. If the
    other baseconfigs/XXX/ exist, copy keys/certs for those as well.

commit 39faa92c91bfafbd55c6ab2f790bae81070d2363
Merge: efb9eed 11d22f9
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 1 07:26:14 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit efb9eedb7b5dc9cfa8403b8a42a1010753ce7810
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 1 07:19:36 2008 -0500

    fixed east west bug

commit 8048c38d5d8324141de4b60ff40cdcce545dc2db
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 1 07:18:58 2008 -0500

    in R2 decode received ikev2 cert payload add to store

commit cdd5a8425216f4bd2bb80aadc4d22ddfcbca4d1a
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 1 07:17:47 2008 -0500

    copied decode_cert to ikev2_decode_cert

commit a08cac9173b779c4ac8fdbfb8c165b53da099b06
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 1 07:16:27 2008 -0500

    added v2cert and v2certreq to  union payload {

commit 11d22f9c7302d34e8e880b98f07d151387dff0fd
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 1 04:15:19 2008 +0100

    work in progress decode cert.

commit 370822c7136732046cd536df9774f611d0c597a0
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Feb 1 04:13:43 2008 +0100

    work in progress to add decode_cert

commit a5536d8e7d65b7ae8d350c9aeb214bf35b9fb405
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 31 19:24:48 2008 -0500

    added  parentI2x509 parentR2x509

commit 4aa8f835c29742e7f4d24078881456f01f4c1353
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 31 19:24:03 2008 -0500

    I2 packet

commit a7fda91a330698efff0e9078af6d39b222f0589a
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 31 19:21:53 2008 -0500

    changed output .pcap file name

commit d7869ba8bee8d429d5963fda49f76228a3dac56f
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 31 19:20:20 2008 -0500

    creating parentR2x509 test

commit 4d67896936edf15360a7d22b582cbeef8a94065a
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 31 19:19:52 2008 -0500

    384 bit key so that cert payload fits in a packet < 1500 bytes

commit 9026487064a4a7b266eb93a97010b3c3ba754bef
Merge: dc88a3f fc0e7d9
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 1 00:50:32 2008 +0100

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit dc88a3fc1d097687be89e8a026b3185e86fb788b
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Feb 1 00:50:01 2008 +0100

    Fix CERT and CERTREQ pointers in payload_descs {}

commit fc0e7d96067420a9aeff88d354c2d607974f43a1
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 31 17:21:47 2008 -0500

    working on send_cert

commit 94040b99af3ac2e126f674c60bc7785ce4cd00cd
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jan 31 21:04:30 2008 +0100

    Added comment for future use of sending IDr if we have a "rightid=" set
    that we insist matches the remote peer.

commit 6a17be2146c9e4cc19ce67c57cc7575ee4d951ae
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 31 13:23:07 2008 -0500

    set encoding type from mycert, so out_struct does not segfault

commit f1ba730f9696dc0446fc9aca9e245b604815b50a
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 31 13:19:39 2008 -0500

    load host cert does not accept relative path. added a hack to look in the
    cwd. "./"

commit 239c68dcb6a26e57fd1130b9df8dc06500b35ab8
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 31 13:17:14 2008 -0500

    create missing directories in ipsec.d

commit 972f8caecc80fe9a1d459ddff7769e4b1edb4db9
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 31 13:16:41 2008 -0500

    fixed ikev2_cert_fields, ikev2_cert, and ikev2_cert_req

commit 72e828be2142f9af45ce43d0a417b61d49cb6bbe
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 31 12:48:59 2008 -0500

    set the critical bit

commit 6c290f3b82ae26b39c9bff0adbb60ac1fd3725a8
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 31 10:59:14 2008 -0500

    test can load CA cert and west.cert

commit 471a8c6f3ffa212aef4a86103629efcaa7b8ec13
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 31 10:56:13 2008 -0500

    added support to conditionally add x509 seams using -DNO_X509_SEAM

commit 581c3d05d72a91c10e64724e02d4fe2f45848fe7
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 31 10:54:36 2008 -0500

    added seams for IKEv2 x509 tests

commit 029c582e0dd543176e0721cc03b8020e96516ea6
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 31 10:33:09 2008 -0500

    reading cacerts only worked with absolute path. scandir was taking path
    after a chdir to path. fixed to use ./

commit 639e75dc0cfc9d0e35035c13d92a554fe7f65102
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 31 10:18:39 2008 -0500

    remove old caCert

commit a39293eb8c1af6ca4ded795129ee5d17a6410619
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 31 12:08:30 2008 +0100

    fixing log messages.

commit ba22e7c52925da113bf56bc19d662faad54a8905
Merge: 35c0cea 17da209
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Jan 30 20:58:32 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 35c0cea4e9f8eeeae365c7f71a7c4baa99b9ce49
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Jan 30 20:57:23 2008 -0500

    moved pluto.log from /tmp/ (memory) to /var/tmp/ which can be read from the host.
    not sure if this will cause a problem because the files will be appended?
    appending during tests is not a good idea; would confuse

commit 64a6ed92f4c78b3b89587d3a3141a05b19c32102
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Jan 30 20:53:10 2008 -0500

    added ikev2_x509.o

commit 49adee27130141a09f87a08dc408370d454869ba
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Jan 30 20:52:45 2008 -0500

    improved comments to add ikev2

commit 17da209bddaffdacc5150f16768efde22866e43a
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 31 01:22:59 2008 +0100

    cosmetic change

commit 14110cea8f3b7881d71a62c32122c9f03936f82f
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 31 01:05:00 2008 +0100

    fixed doi_send_ikev2_cert_thinking

commit c2a2d232cfcd8f1edf1c56a679d2f7ec17ab2391
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 31 01:01:27 2008 +0100

    to send cert check (c->policy & POLICY_RSASIG) instead of
    (st->st_oakley.auth == OAKLEY_RSA_SIG)

commit 98b2db0dc016dea3715f59c3c6af37b5f0234ede
Merge: eda0c5d e0924d7
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 31 00:54:42 2008 +0100

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit eda0c5d2be0d40c2ed0ce67e984ffd3bdbe6abdc
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 31 00:53:55 2008 +0100

    trying to send cert choosing based on policy

commit e0924d79aa5a9f6b570ad2491af724f87bb7b671
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Jan 30 17:55:54 2008 -0500

    added debug lines in east.con and west.conf

commit b2d254083d35d90127c3cc664ac899d0851e84bd
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Jan 30 23:39:15 2008 +0100

    fixed some typos

commit 87a0bdd61dad2eb34ef016618e53e5ea2232f877
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Jan 30 23:27:33 2008 +0100

    moved x509 stuff to ikev2_x509.c and added log for send_cert decision

commit fb6d4cf68c07d395bc5c0e882cdf5a99d4d3eb34
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Jan 30 16:40:08 2008 -0500

    factor out x509 bits from ikev2_parent.c

commit 2ade153bca934ec9e928a60d05878549b95105f7
Merge: 5dbb693 73a0409
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Jan 30 16:29:56 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 73a0409741636690179d3ebf75a9af85654fc36a
Author: Ken Bantoft <ken at xelerance.com>
Date:   Wed Jan 30 15:38:04 2008 -0500

    Gen X.509 certs for each regression run

commit 5dbb693896de02e16fee92fdac59304b3a234c4d
Merge: bf98fec 58219d4
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Jan 30 15:18:28 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 58219d467eca8d4206354f48bdd395416437e3ff
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jan 30 15:12:15 2008 -0500

    Remove bogus line breaks.

commit bf98fec3324baa1425640bec1d03d19024c89a32
Merge: 1e8472d 39d82f8
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Jan 30 14:49:47 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 1e8472de51b59ba0f3b131ff64ff2ec36f5b7b17
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Jan 30 14:49:07 2008 -0500

    passert(userCertificate.len == 0); is failing so remove for now
    paul may review it later.

commit bc29c66346dcd9df062c8d1f1a19e8e9de442925
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Jan 30 14:47:06 2008 -0500

    working on I2 x509

commit 39d82f8e043ef274d1f4e6bf90e25e8481caa8b4
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jan 30 20:23:23 2008 +0100

    Define our own conn, because the also= conn used was loading both east
    and west certificates, instead of sending/receiving a cert via IKE.

commit bbd290d7c536c7ca042665c720db7e3da7209e02
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Jan 30 14:12:06 2008 -0500

    added I2 and R2 test cases for X509

commit 2aebea9b3480dfb15cfead8fb1c447e19aada1a9
Merge: 28ca8d2 ead0c2a
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jan 30 17:09:21 2008 +0100

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 28ca8d29bb10029d7d5a279f724368f4f0662f38
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jan 30 17:08:44 2008 +0100

    Fix ikev2-x509-01 to use new certs.

commit ead0c2abc6df7c0a9e0511ddae9710cab4dc3161
Merge: bb59a23 9ab0839
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Jan 30 16:45:17 2008 +0100

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit bb59a23cf40c09a23978908f425b56ad61951429
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Jan 30 16:42:59 2008 +0100

    working on send_cert, send CERT payload defined new cert encoding
    according to RFC 4306

commit 9ab0839dc42e38f650713fdecd0df3617ff74641
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jan 30 16:19:51 2008 +0100

    Set the execute bit on all testing .sh scripts, so bash command completion
    works within the manually started umls.

commit 86252ca5825328bc1af0691ef12eda8d6dffe278
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jan 30 16:16:26 2008 +0100

    Fix secret files to use new X509 information and new passphrase on key.

commit f8ea10942ab0825d5ac483952cab7826513fdc39
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jan 30 16:05:51 2008 +0100

    Updated all test cases that old obsolete uml.freeswan.org based
    certificates and CA cert data in the conn and/or output.

commit db5b6c8848da32d011e0fabedd7d3d6a7b138c25
Merge: ca38ea9 5093e35
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jan 30 08:19:32 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit ca38ea9ee10d7745878d2afb2b279e1a8e2320a0
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jan 30 08:17:51 2008 -0500

    remove old uml.freeswan.org committed certs.

commit 24ddc3022904d4f6c8d7d013ec2ec6398d3c9aff
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jan 30 08:16:42 2008 -0500

    remove bogus gen_testcerts.sh

commit 5093e353eaae467ac7b865386a176a9f675208e0
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jan 30 14:16:15 2008 +0100

    Use testing/x509/dist_certs to generate all x509 material for testing.

commit 5d61e719c2f3d851cf9d60f196ee6844f9cb744c
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jan 30 14:03:17 2008 +0100

    Fixed for DN's and cert filenames in ipsec.conf.common.

commit 780e90abae0e5106d6908eed6995eb49d5363b79
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Jan 30 07:57:49 2008 -0500

    remove committed openssl generated private/{hostname}.req files from repo.

commit d983b82b564cdacd4277cb89257eabbf9adbda83
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jan 30 13:56:18 2008 +0100

    updated X509 testcases from openswan.testing. This uses our new certificate
    infrastructure.

commit 2bd296b95a2b4348b3e68d8854ce151b932ceba8
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Jan 30 13:28:43 2008 +0100

    Start of testcase ikev2-x509-01

commit 67814cc06c18d6fd14056e1f755b7d0bb4c776ff
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Jan 30 02:40:17 2008 +0100

    working on send_cert

commit 0aef4ab2b93c2658923550129b84aa8f0a47960a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 29 22:19:36 2008 +0100

    Added a case to log notify messages we receive.

commit 7ee1ef674ca0781955a2b96d43118048dbd8df9e
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 29 22:03:51 2008 +0100

    typo in error msg.

commit 61fb384570f5407965a23795bee595e6ec6cd8a7
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 29 22:01:06 2008 +0100

    Added two log messages to get a better idea why we don't properly receive
    racoon's peer id when using psk in certain cases (misconfiguration?)

commit 6605c92086ba47957397e8678fa2cf3d77082743
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 29 19:54:00 2008 +0100

    added note to testcase.

commit 8361581fbd926c30624574bf13c89190b274805b
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 29 19:42:26 2008 +0100

    Check to see if we need to send IKEv2 CERT/CR payload, similar to IKEv1.

commit 2f4fd1a07fa3ce18fedc9d7c854d8e6ab45b115f
Merge: 76788ee 690f114
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 29 18:27:58 2008 +0100

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 690f11440882569232232d669ae6cef82f16d9e4
Author: Antony Antony <antony at xelerance.com>
Date:   Tue Jan 29 12:00:49 2008 -0500

    commented x509 parts

commit 5cb2bd27f48124c868f7a6626c94cf249fbc32c7
Author: Antony Antony <antony at xelerance.com>
Date:   Tue Jan 29 11:21:03 2008 -0500

    putting place holders for IKEv2 CERT  in I2 & R2

commit 76788eeff19ed25ffef185b579ea4b7e0b124443
Merge: 7624fda 2cc3075
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 29 16:10:54 2008 +0100

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 7624fda0c6d20e42b9237dbe1f33ad7143690c9f
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 29 15:29:10 2008 +0100

    Added testcase for IKEv2 bug #890

commit 2cc3075bff15d1adbd99d3ab0030c0f4bde5d7d7
Author: Antony Antony <antony at xelerance.com>
Date:   Mon Jan 28 16:46:03 2008 -0500

    use  I3psk pcap instead of I3 pcap.

commit 336dd69c95ade7e5d0280412f111e28d2c882e9b
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jan 26 16:21:28 2008 +0100

    pull up from #testing

commit bf6556a279b24ed80b2ce6b5d5c455bee3bbcb07
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jan 26 16:16:12 2008 +0100

    Remove quotes around BISON= because otherwise OSX tries to find the
    file "yacc -b"

commit 4c3f1b3276ee5568dfb3ae67b5a6f2d23c3fc6a0
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jan 26 16:11:43 2008 +0100

    passert() on a valid compiler warning about possible using userCertificate
    uninitialised, since it depends on a while(switch()) case order. Also
    explicitly set userCertificate.ptr to NULL.

commit 3e0eba346d4ce927c16af6417df72811681149d8
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jan 26 15:32:10 2008 +0100

    Fix for warning about using unset 'same' variable.

commit 7c8c80aedde541bbd70e7383d33a0fa248df341f
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jan 26 15:03:49 2008 +0100

    Updated CREDITS.

commit 5ad5a7fec84645cc4b91e62e8e49d9cfbda85d2f
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jan 25 20:00:07 2008 +0100

    Updated changes.

commit 70377b501b7378f6e89d1a1ba23c9bfbe3d4d273
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jan 25 19:38:47 2008 +0100

    unversion versions in openswan.spec and openwrt Makefile so they will get
    replaced in the release script.

commit 13bda2c1cb8b6a35a3842dc042d433478fcf4ffb
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jan 25 19:33:16 2008 +0100

    Fixed expected output for parentI1psk.

commit 0edd7c03f5c3f828996676364f585c56d2721c38
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jan 25 19:22:38 2008 +0100

    Fix output to be PSK, not RRSASIG for psk case on west.

commit 12cf708bc1e3631fa5b52b11affb21a8b2ae624a
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jan 25 19:17:07 2008 +0100

    Remove whack debug commands from expected output

commit 51d562df83b8050a78553e2b3ac4a6665da318af
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jan 25 19:12:45 2008 +0100

    Remove whack commands that change the debug level.

commit 21680e0df709a1046ab41afbf71bf0d4e3515a66
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Jan 25 15:54:42 2008 +0100

    use pst instead st for ikev2_verify_psk_auth

commit 1f3b8493146825e1024b7c8dd4f8921e5f2897c4
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Jan 25 14:08:00 2008 +0100

    added a temp debug line to check nonce are there remove this later

commit cf4c24fa2c04bcc710de602d162226560e8e5421
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 24 14:54:57 2008 +0100

    added initiator verify_psk_auth

commit c918fb83fd3eb023035e711c1651e5a5c35b8f96
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 24 08:11:57 2008 -0500

    added test case parentI3psk & cleaned up .gitignore files

commit 1f9480fc0c0261af7dcb032973d3290da148069e
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 24 06:58:27 2008 -0500

    Fixed I1/R1/I2/R2 PSK Ikev2 test. Now established Child SA.

commit 6ed9c2a59d9f05253d088a1e457ceb492ec24bab
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 24 05:41:35 2008 -0500

    use psk pcap file for psk test case.

commit d3aa07603a2f9dd7210c6c591c180bf68924cf5e
Merge: 833247a 3a157d6
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 24 05:40:07 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 3a157d6ddf644f343bd13d6f4167221ea44cf29d
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 24 02:53:51 2008 +0100

    added seam for verify_psk_auth

commit f496bf7013b5f02b4c6b51bc4c4283268e821f23
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 24 02:35:32 2008 +0100

    added ikev2_verify_psk_auth

commit 833247ad45d3204dca8516e68c1c68dd28dfb542
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Jan 23 20:03:53 2008 -0500

    now  ikev2_verify_psk_auth also.

commit a9e0f625bfd5e400bad5c387437c22f0d3434511
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 24 01:53:47 2008 +0100

    worked on verify function!
    reworked functions and the ghost bug has disappeared!

commit ef4948cb072eafeb81cd5a460ddc02b76e3a9b03
Author: Antony Antony <antony at xelerance.com>
Date:   Wed Jan 23 12:41:27 2008 +0100

    Fixed warnings caused by %u instead of %lu and type casting

commit c1e65e56399329541700c9f6737ade7eb8ee0820
Author: Antony <a at hal.phenome.org>
Date:   Wed Jan 23 12:21:11 2008 +0100

    fixed warnings

commit 4507328aba58946175f3a1629ac3f8591998cb79
Author: Antony Antony <antony at xelerance.com>
Date:   Tue Jan 22 13:56:25 2008 -0500

    hunting a seg fault. this is a working  version.

commit 30ac034f0207348bd8356b815768eaabea210dad
Author: Antony Antony <antony at xelerance.com>
Date:   Tue Jan 22 13:35:06 2008 -0500

    working on ikev2_psk.c need to add more log

commit 7b88803beea2dd69197c929516d97c7de0175cd9
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 22 15:47:41 2008 +0100

    Added lib-parentR2psk unit test.

commit f9f1476e667beecd2a85a185479a48fedab57b13
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 22 15:12:42 2008 +0100

    Added seam for ikev2_calculate_psk_auth()

commit 939b389d982c837720a164a9f6e3ed10ee6a0b09
Author: Antony Antony <antony at xelerance.com>
Date:   Mon Jan 21 21:51:47 2008 -0500

    added more code to ikev2_calculate_psk_auth

commit 9cd1630f97b7489e6bec5a4cb44045144fee5346
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 21 21:12:43 2008 -0500

    R1duplicate test case output.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 063aa2ae87c169d260472b9cb903ccd95b9774dc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 21 20:59:34 2008 -0500

    on responder, find R1 state by initiator cookie only.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2fe78af06df64b8777e27947f8f190e0b932185d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 21 20:58:53 2008 -0500

    added psk seam
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7e52bede78da43dbfd3abd23f743330d96a5bc7e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 21 20:58:39 2008 -0500

    added path to find certificates.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f56acd09fd82b5932e85f8b212710e086660f1ad
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 21 20:57:06 2008 -0500

    adjustment of test cases based upon changes to responder cookie controls.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2347ec8d0d2b966e3de190ef1ba79c9c86996b67
Merge: de2170e 82b2686
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 21 20:14:39 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit de2170e96bcbbc196f11e883d552e6e8591dab4e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 21 20:14:34 2008 -0500

    updated duplicate packet test.

commit e3b056ef95084c0953786a9f65f519c29a629863
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 21 20:13:52 2008 -0500

    corrected unit test flags.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit af2ec4ff4a1afba8f0c5e1cf92d8651dfb4b498a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 21 20:13:16 2008 -0500

    minor rework to when rcookie is inserted into hash.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d598cb2f69d01398ae4a819bcdb7c7845edc6ce6
Author: Antony Antony <antony at xelerance.com>
Date:   Mon Jan 21 19:49:21 2008 -0500

    updated function names   ikev2_calculate_psk

commit b485fcdd6c11f22c153415c4729161137b5043d6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Jan 20 22:22:14 2008 -0500

    make sure not to deref NULL p1st when checking for stuck phase 2.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e256e6dca5b0bab8d184a8f592aede7d2bc5c4ab
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Jan 20 22:20:38 2008 -0500

    minor changes to way that certificates are found for unit test cases.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 82b26865961901d181001d388125f7717872d3a2
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Jan 20 23:52:53 2008 +0100

    Fixing by mcr to let ikev2_psk.c  compile with -Werror

commit 94e528579a6b2fbfb66dd2998a2faf2f9ef4cb71
Author: Antony Antony <antony at xelerance.com>
Date:   Sat Jan 19 10:15:56 2008 -0500

    Add proper seams.

commit 0afefd914c3822e33e21a1b95955149c6797ea34
Author: Antony Antony <antony at xelerance.com>
Date:   Sat Jan 19 10:15:26 2008 -0500

    Fix prototypes in seam

commit 5935b7f71e10ff3193d1a4e1ad67ad4846a44c09
Author: Antony Antony <antony at xelerance.com>
Date:   Sat Jan 19 10:14:36 2008 -0500

    Use the right secrets file. Includes proper seam code.

commit e2e90ac474d3d49a4da55534469addc98d97f093
Author: Antony Antony <antony at xelerance.com>
Date:   Sat Jan 19 09:51:12 2008 -0500

    Fix secrets to use id instead of ip.

commit ed987d2c224be75fb6d42f8a9f03feb13ff0ebde
Merge: a0810e7 28d2da9
Author: Antony Antony <antony at xelerance.com>
Date:   Sat Jan 19 09:15:09 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit a0810e790b1227a034d1bf6c9e36197c754fbf04
Author: Antony Antony <antony at xelerance.com>
Date:   Sat Jan 19 09:13:17 2008 -0500

    crypto test case for psk, I2

commit 28d2da96e322a81fc88fde1d8b7158fad881d4ea
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jan 19 11:29:32 2008 +0100

    Enable building debug packages in the spec file.

commit 8a207cf1ba7d4f6f4c574ae377bec3354d35d74a
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jan 19 11:29:08 2008 +0100

    Patch by Tom Mraz (RedHat) to fix the double slash in building libcrypto
    parts, which triggered an rpm bug when building debug packages.

commit 2a4868ed2913cb20c084e1cf487d3966766b4d93
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Jan 18 14:57:39 2008 -0500

    Added secrets file for psk test.

commit 42a0d20cd9665f4660ffcb3ba33d4ca4bf1ce2c8
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jan 18 20:53:04 2008 +0100

    Use #if 0 to avoid issue with nested comments

commit 040306abf95b74a028532337ad84a797b79e905f
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jan 18 20:51:50 2008 +0100

    Added prototype for ikev2_verify_psk_sha1()

commit 97a73c89da34edf5ae554b06eb9312c966dec335
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jan 18 20:40:49 2008 +0100

    Added prototype for ikev2_calculate_psk_sha1()

commit 1aee28d1b0f4bb16df9b62795d15c7e1d41bbdc4
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jan 18 20:39:13 2008 +0100

    dummy out rsa code.

commit d87a2ac77a3e98fecd4c15c03e57ecf3494c48b5
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jan 18 20:36:59 2008 +0100

    Dump the PSK to the logs, to verify we correctly found our psk.

commit 12b37fa1501fa633ee0b453384c27942f8696e23
Author: Paul Wouters <paul at paul-2.local>
Date:   Fri Jan 18 20:22:42 2008 +0100

    Fix function name to ikev2_verify_psk_sha1()

commit 4a9bbb5f91667d3823799aabf10872071c7a9514
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jan 18 20:18:02 2008 +0100

    Added ikev2_psk.c (based on ikev2_rsa.c). Still needs to be modified for
    psk. ikev2_parent calls ikev2_calculate_psk_sha1() in ikev2_psk.c

commit 2101268ff92f47f803948e340ed782dfdc9211b9
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Jan 18 20:11:17 2008 +0100

    Call ikev2_calculate_psk_sha1() for ikev2 PSK.

commit e2d5580d392831fdae1a117a9d57cb49295c9b88
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Jan 18 06:03:10 2008 -0500

    created parentI2psk test case.

commit cb5a45735a3c20f7fc277f60c64fa1558fdb9d21
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 17 14:55:07 2008 -0500

    unset env variable TERMCAP

commit f44130876914e4967ab33e5f149f1400c2986535
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 17 10:44:20 2008 -0500

    first responder packet for PSK unit test case
    
    Signed-off-by: Antony Antony <antony at xelerance.com>

commit 8006ce0f2d7a0bc4ecfa83688ae27968f04b1d86
Author: Antony Antony <antony at xelerance.com>
Date:   Thu Jan 17 10:24:16 2008 -0500

    First PSK unit test - send I1 with right IKE policy from whackrecord.
    
    Signed-off-by: Antony Antony <antony at xelerance.com>

commit de9daa2ffdb7b102758f86181e5b3806d1e64343
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 14 14:45:24 2008 +0100

    Added ikev2* tests to TESTLIST

commit 4cb3fdbf1207d8a74c42c4f5d8d8b39f85a749e1
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 14 14:42:22 2008 +0100

    Fixed an old use of $kamepfkey to $netkey. This caused all tests to fail
    with: +ipsec_setup: /usr/local/lib/ipsec/_startklips: -f: command not found

commit 7807398bdd53d044bd2f798910573b5bdbb04af9
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 14 14:42:04 2008 +0100

    Fixed an old use of $kamepfkey to $netkey. This caused all tests to fail
    with: +ipsec_setup: /usr/local/lib/ipsec/_startklips: -f: command not found

commit 0fe464bc1fcdc870ac638da37d5f1724a2d4d365
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 14 14:37:20 2008 +0100

    Added netkey tests to TESTLIST, so that they will actually run.

commit 70d71a2fdb38cd9f58095317787a40ebb40130bd
Author: Antony Antony <antony at xelerance.com>
Date:   Fri Jan 11 11:30:12 2008 -0500

    added ikev2 psk test case.

commit dce1c7d7cdbf8d18dcb2a123be34401f9cf7a98b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Jan 11 10:47:09 2008 -0500

    added missing seam_terminate.c
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit dc140a8c850184206e834aba10c6d3a7a70cbd97
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jan 10 17:46:15 2008 -0500

    #889 -- ipsec_delete_sa() does not use any stack specific functions, so all
    	underlying things should either work or fail at a lower-level.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c840ad886fcaea3579776991b7012bdaf010ba5e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jan 10 09:11:22 2008 -0500

    make netlink_shunt_eroute_fake() static, so it requires no prototype
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b1448a4259e3f1c521c0bedf7bf42fdd68bb8b65
Merge: c9ad79f af48568
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jan 10 06:32:06 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#testing

commit c9ad79fb1e1fc7ca6b62df383e0c21f95966b388
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Jan 10 06:26:01 2008 -0500

    Added testcase for bug #890 (pluto failure with esp=null-sha1-96)

commit 1ee65237e1300ed54c310bfa82f57e1edd868781
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 8 20:09:43 2008 -0500

    split out SA termination routines from initiator ones, fix all the
    unit cases to include seam_terminate.c
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0e71dcba89e41032d19ff980409f51c36f0d5439
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 8 20:09:09 2008 -0500

    patches to permit IPv6 SAs to be negotiated for IKEv2.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>

commit b829c5bd676b30c7892de19fa819b99f6ec77a08
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 8 19:58:31 2008 -0500

    repaired rp_filter munging code by replacing rpfilter2= variable.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit caba779b392c9799ad20eccc35600614c2a53818
Merge: 5d85e67 db60a07
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 7 07:53:06 2008 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 5d85e676ae29e4c33a261dbb8fc56eb98e730452
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Jan 6 23:01:32 2008 -0500

    #889 - properly delete SA when --delete is invoked.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3959e250e72c46eb63b238f385764d008ef965e1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jan 3 22:01:35 2008 -0500

    #889 - split up initiate/terminate so that terminate can be unit tested.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit af48568523a463b6b7477ad988b617e6f9b07b25
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 24 07:41:43 2007 -0500

    Match new policy in output

commit e366b5a497cd79a3843fdb411079cda09c2c6c03
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 24 07:41:24 2007 -0500

    Match new policy in output

commit 9a88d6701fb12a0a492620dce07da83e8dcda1f0
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 24 07:41:01 2007 -0500

    Match new policy in output

commit 7e5604147c8c57c9c450a8120573f1cb36ed5d1c
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 24 07:40:36 2007 -0500

    Match new policy in output

commit ff0a5aedcbc8d3e428d6e60163d4b9ca67871de3
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 24 07:40:03 2007 -0500

    Match new policy in output

commit 6be1027dfbddba605ff741e8b281eb9dedf3910b
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 24 07:35:01 2007 -0500

    Match new output with policy line changes

commit c3a2c777fbcbd8f7ab27b7e941e38d446d16ff9e
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 24 07:33:43 2007 -0500

    Match new output line about kernel interface

commit 08ea6d776cd549484c662925112a8d32d4ac2a93
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 24 07:31:58 2007 -0500

    Match new tcpdump output

commit 97b1b96d18954e9547248df82f5d563654fdf621
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 24 07:31:15 2007 -0500

    Fix packet count

commit bf8905efd0ffb5c8ba165c310bf29cddeefc905b
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 24 07:30:50 2007 -0500

    Fix packet count

commit f263b421daa3ded598f5aab1ef6d9033e9d8fde2
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 24 07:30:18 2007 -0500

    Adjust to reflect new policy changes

commit 86ec1326a1a5f63f18abce9cea8ca78ac0be2e6f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 20 23:57:34 2007 -0500

    Do not build debug packages, since a bug in an rpm macro, together with
    a spurious double // in our use of libcrypto// is causing rpm builds to
    fail. I couldn't find what is causing our double slashes.
    (cherry picked from commit db60a07042d650a9bed9456967b607fe3abf6957)

commit b84f6a11695e199ca48ed4dbf2eb0865b63b749e
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 20 23:38:15 2007 -0500

    More cleanups of the spec file
    (cherry picked from commit fec1ca301b2f9aee35a9546ccda3e7e0ac694260)

commit 9ee2a46c9152611e4445405e1e6da97a3f22d9de
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 20 22:47:55 2007 -0500

    we don't have doc/manpage.d/* anymore. Don't try to copy it.
    (cherry picked from commit 8551abe6608a2cd40b9d4f279e4c9795e5d9bf20)

commit c689e4c21a986a7536909b278f8ce327cab4a8f0
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 20 22:46:22 2007 -0500

    Updated spec file
    (cherry picked from commit 252fa87d969bb4ad73769caca03b9828be932782)

commit 7dba864d418d792dcc89670b35d2120a5b885c91
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 20 22:37:21 2007 -0500

    Change version string in spec file to be that of Makefile.ver, so it
    can be replaced in build/release script.
    (cherry picked from commit 292ec8b695add2a63c130eb6dbd8e4d2175e177e)

commit 628efba0347aeb601d31f453f0a5294aac166758
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 20 22:36:29 2007 -0500

    strncat() adds a \0 to the string, so all copies had to be sizeof() - 1.
    This caused errors when using -Werror (as per default in rpmbuild)
    (cherry picked from commit f5bfd2bf9421500e162ed809ba8dbaa60c202a84)

commit db60a07042d650a9bed9456967b607fe3abf6957
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 20 23:57:34 2007 -0500

    Do not build debug packages, since a bug in an rpm macro, together with
    a spurious double // in our use of libcrypto// is causing rpm builds to
    fail. I couldn't find what is causing our double slashes.

commit fec1ca301b2f9aee35a9546ccda3e7e0ac694260
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 20 23:38:15 2007 -0500

    More cleanups of the spec file

commit 8551abe6608a2cd40b9d4f279e4c9795e5d9bf20
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 20 22:47:55 2007 -0500

    we don't have doc/manpage.d/* anymore. Don't try to copy it.

commit 252fa87d969bb4ad73769caca03b9828be932782
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 20 22:46:22 2007 -0500

    Updated spec file

commit 292ec8b695add2a63c130eb6dbd8e4d2175e177e
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 20 22:37:21 2007 -0500

    Change version string in spec file to be that of Makefile.ver, so it
    can be replaced in build/release script.

commit f5bfd2bf9421500e162ed809ba8dbaa60c202a84
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Dec 20 22:36:29 2007 -0500

    strncat() adds a \0 to the string, so all copies had to be sizeof() - 1.
    This caused errors when using -Werror (as per default in rpmbuild)

commit f19a7310e1790bd201636397844a318c0bb3cb97
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 18 22:49:42 2007 -0500

    #840 - hash of ID payload must exclude the generic header, just the contents.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ef7120b4e01a16c7973914b7d167db07a68e5fc8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 18 22:44:23 2007 -0500

    #840 - configuration for racoon2 to interoperate with pluto.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3c988519b5e9fea91b978b4ee63a314fa401d81a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 18 19:55:57 2007 -0500

    #840 - do not die when we receive non-critical unknown payloads.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0485d3afdf5ba6f151d14b6b6888c3ab2bb22467
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 18 19:55:20 2007 -0500

    shorten duration of test by using only one ping.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f789468cee4e8d68645eae87d0a016edba575e45
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 18 19:53:35 2007 -0500

    permit leftid= to be used even when using leftcert. Do not override
    the ID type unless the ID type is none, or %fromcert.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 393d56193be18bd827dcbf751668187707996383
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 18 19:43:17 2007 -0500

    #840 - updates to change ID hash calculation to match racoon2
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 689247d1297cdf3b00ba4d97ae8b7c452c3fa0d4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 18 19:39:28 2007 -0500

    additional change to test harness after change to permit leftid to be used
    even when certificates are loaded.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d2c5d454778701e06e1363b7f03375ac4610fd65
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 18 17:35:16 2007 -0500

    #840 - test case for interoperation with racoon2 -- confirm that config
    	works for osw/osw.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 01c5c101ce6ff218205728876d2c586cf66ed9c4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 18 17:28:45 2007 -0500

    added missing "test" to -f test.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c3a074093aeaff30644efc26b6b2eacd0d7fb320
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 18 17:02:51 2007 -0500

    although the best bet is to generate all certificates at each test run,
    it's not always convenient. I used testing/CA/resign_cert and dist_certs
    to update the certificates in the trees.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7b476df8b2e144d0ec8ba41c99b45a708a6e0bae
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 18 16:52:31 2007 -0500

    left leftid=%fromcert to get ID from certificate, otherwise,
    do not force this default on people who might know better.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 87a103b0d05195ec085ee79df75b2dbd9c27ff03
Merge: b2218eb 72f95be
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 18 12:55:39 2007 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#testing

commit 54a9c05b7574d8489020c4dfe31f4cd3513b73d3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 18 12:55:28 2007 -0500

    #840 - calculate integrity check from the beginning of the UDP payload,
    	rather than just over the encrypted part of the E payload.
    	Note that this includes the length field in the ISAKMP header,
    	so we need to arrange to close the packet so that the length
    	has been calculated before we encrypt or authenticate.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b2218eb99675f4197dd874a16271d0ea09c9269c
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Dec 18 12:54:51 2007 -0500

    Updated some documentation files.

commit f7de8611d2e3fea82b86c680ac7671005f7e7f0f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 18 12:54:09 2007 -0500

    #840 - detected problem with integrity check of I2/R2 packets, the
    	check was calculated on the encrypted portion only, not starting
    	from the beginning of the UDP payload.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 00d8110eefaf5c4130605c6c95a3df7d26ec10af
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 18 11:57:26 2007 -0500

    #840 - fixed nonce coalescing to deal with nonces of uneven sizes.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 72f95bef86d457856fdbb0b3134650cf33beac36
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 18 10:59:05 2007 -0500

    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    
    Conflicts:
    
    	programs/pluto/kernel.h

commit 462e1bc303e7045e7e32004ce5f20eada6362fe5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 18 10:53:55 2007 -0500

    #838 - adding log of which kernel interface it is using.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5cd145436194f7b00edfc603bcda34ca8416c08c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 17 22:18:35 2007 -0500

    updated to include sendcert=always. as being the default setting.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f20a4e327a88fad2d60171bba5b7d0280f4feded
Merge: 018b4f5 cc98aac
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 17 22:16:10 2007 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#ikev2

commit 018b4f5e7164cf7324f4fd22b600d8bcd53a9736
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 17 22:07:36 2007 -0500

    make function static so that it doesn't need a prototype.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e1b92e7f4370a6a12fb3fddc19c89cb4b2b2cd31
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 17 21:26:47 2007 -0500

    Added shunt_eroute stub to log we have not implemented this for NETKEY,
    so passert/pexpects do not trigger. NETKEY still relies on code that
    is compiled in only with -DKLIPS so define it even when compiling just
    NETKEY support.

commit d79abb3ebadd23d997ade4520c09685cce1739a0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 17 21:31:39 2007 -0500

    provide a nicer error/diagnostic if the kernel we find has both
    netkey and klips, and we are told to pick ourselves. Likely, it won't
    work if both are loaded as we will pick the one which doesn't get incoming
    ESP packets.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 01447f8fcf1cae2e4d8a24f8fda05d6b71aa761c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 17 22:03:47 2007 -0500

    #838 - this is where we need to add check for presence of kernel algo.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4af011e3fdc66eff09506b89301906ae14dc6719
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 17 21:58:32 2007 -0500

    temporarily turn off modecfg_windns members of whack.h until the whackrecord
    used in the ikev2 pluto unit tests can more easily be updated.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ce6bf85703bab23e2852df41114ef40325596c63
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 17 21:57:45 2007 -0500

    #testing code for connections.c included direct reference to kernel_ops,
    replace this with a function call, as that is easier to add a link seam for.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 40f040a696fddbfcb49d0118fb505efbe0c51799
Merge: cc57a5f 4d5d176
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 17 21:32:00 2007 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#testing

commit cc57a5f29f722ff13d2a5b71fb89c44715d5a8b4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 17 21:31:39 2007 -0500

    provide a nicer error/diagnostic if the kernel we find has both
    netkey and klips, and we are told to pick ourselves. Likely, it won't
    work if both are loaded as we will pick the one which doesn't get incoming
    ESP packets.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4d5d1761380d63fb16cfc0dfc5cf3024089514aa
Merge: cbf0ac6 1bcb8cb
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 17 21:27:29 2007 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#testing

commit cbf0ac6149d9a0282e0f6e7ee95c4abbb3ee912a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 17 21:26:47 2007 -0500

    Added shunt_eroute stub to log we have not implemented this for NETKEY,
    so passert/pexpects do not trigger. NETKEY still relies on code that
    is compiled in only with -DKLIPS so define it even when compiling just
    NETKEY support.

commit cc98aac4e5188800373db1a4d8cdf2d83b7bbf24
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Dec 17 20:58:23 2007 -0500

    Fix another test

commit 1bcb8cbc9e118982a9511f25bcd6c5619978a7a5
Merge: a772422 d037cdf
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Dec 17 21:00:29 2007 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan#testing

commit a7724226731e0a40262d60cb5656281039ed30ea
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Dec 17 20:58:23 2007 -0500

    Fix another test

commit d037cdf309bbb56278e6e4524b973a047e5c86ac
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Dec 17 18:48:30 2007 -0500

    Updated

commit d14f87f113c35710b0f2754c1b99048b5d05e5c8
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 15:13:48 2007 -0500

    Move modecfg items to end of whack message to preserve WHACK_BASIC_MAGIC
    structure integrity.
    
    Signed-off-by: Ken Bantoft <ken at cyclops.xelerance.com>

commit 0c8cb9e34bee0d78b9e96253caa4af49dff11e77
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Dec 17 13:04:37 2007 -0500

    Fix klips vs.  netkey tests
    (cherry picked from commit 96a8150b53c66ae700bb1491baa2ae85b015b671)

commit 825215fd9df1db1f44b8ca8ca4793164b65cfc67
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 17 11:25:14 2007 -0500

    Fix variable name for testing netkey stack in startklips
    (cherry picked from commit cb805f279d1a287b3f74f009838c1f3478688369)

commit a3d395be36393686ad1003ef5df9a1f4005bdfdd
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sun Dec 16 20:37:38 2007 -0500

    Cleanup switch case
    (cherry picked from commit 7164b6f2b1452bf4b601c6104bcbae503e4622e3)

commit 7e8a68791c738ebb200c95ab633a29bb27f408df
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Dec 15 08:22:34 2007 -0500

    Fix syntax - this is a switch, not a label
    (cherry picked from commit 5fd3f9fd56c4b05c207188ec5305849f8305891c)

commit 49503ea44c08a627d9bea29e69e7c4296f04151f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 3 14:53:51 2007 -0500

    sync'ed openwrt Makefile with nbd.
    (cherry picked from commit 483f027719ebf83288bac265c7cfa6bbd8dd3a59)

commit 646d9325d30de38587a18580efb5b5060838a884
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 3 10:40:06 2007 -0500

    Fix check for "klips and netkey" loaded.
    (cherry picked from commit fe789235d9c08c1a90bed9c1bca4504ca93bac0c)

commit a3f873846c01370f04e57f341bad8de8e688cbec
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Dec 2 21:30:23 2007 -0500

    Don't use ipsec look but use ip xfrm state and ip xfrm policy in netkey-pluto-01
    (cherry picked from commit 7e47cb82a17b662e4b1fe4b758a5887517ad6114)

commit 3a6e1fba6168fc6b80a253f97f0c7209028b8efe
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 15:20:02 2007 -0500

    fixed up makefile --- bail if iproute2 not set.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit fd9d40e84f8abe4de659669a7adc5f6c018555aa)

commit 71b3cdb59fceaee1df75487351dda2331e5cb072
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 15:18:36 2007 -0500

    fix for cherry-pick error on VIRTUAL_IP.
    
    Signed-off-by: Ken Bantoft <ken at cyclops.xelerance.com>

commit d7ff237d408f903abc5d6e24ddddb22633e02234
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 15:17:51 2007 -0500

    removed unnecessary POLICY_MODECFG* items
    
    Signed-off-by: Ken Bantoft <ken at cyclops.xelerance.com>

commit f54cce4bb8698e9f4699ad3f42e8be1f89f85a8e
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:45:34 2007 -0500

    updated changes.
    (cherry picked from commit 8a2aac2a47d62a3711c6c93eff72339059707fcf)

commit 2ffcf1b70d1ad8d1755c603a7bdf45df51a0c77a
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:40:22 2007 -0500

    Added new keywords to confread
    (cherry picked from commit 17f413efe59d45094f4eebfa24c1320c7914a989)

commit 5c3c80f20ebaec78e8b3184071c207f7e87e6eaf
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:39:52 2007 -0500

    transfer DNS/WINS options. (should this only happen with NAT-T?)
    Added workaround for SoftRemote clients using phase2 IV instead of
    phase1 IV. Workaround disabled per default.
    (cherry picked from commit c18ed44e1c2cc6ee12de7d81ed177658e74f5a69)

commit 8bfc239530e9f7ab6fdbdfe578c5c5eb5b2c7096
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:34:45 2007 -0500

    Add WINS/DNS options to whack.c. Act on modecfg DNS/WINS options.
    (cherry picked from commit 009e8618559fedf53f4c1f9b6629e513f84d9b4f)

commit e58843896a16a181563363bef2344d7bf8fd254d
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:33:16 2007 -0500

    Add DNS/WINS options to man page for pluto.
    (cherry picked from commit eea3413f0703203c14ec875b3c29bfe6fa4c13fa)

commit 40762134be4aef03c4c807b78dcfc58fed52d8b3
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:32:43 2007 -0500

    Add DNS/WINS to the conn struct
    (cherry picked from commit 9dfaf5bec502be5127257d00320403394a91a820)

commit 71cae65eb829b7d38b149fe74f3e0fa9fbce1a86
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:32:28 2007 -0500

    Copy DNS/WINS information from whack message into conn struct.
    (cherry picked from commit 2a177ce73c02a06f669bf3eb6d02966d796200ea)

commit ef7d0f461ce92c2814d4f543cd91fe7ae13e291c
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:31:09 2007 -0500

    Added keywords modecfgdns1,modecfgdns2,modecfgwins1,modecfgwins2
    (cherry picked from commit efc3e31bce3fa37b78d7f5346b489279d11ee2b1)

commit 3b5940d3ba58f8d422292b2a0d2e5b383bc78dbb
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 15:13:48 2007 -0500

    Move modecfg items to end of whack message to preserve WHACK_BASIC_MAGIC
    structure integrity.
    
    Signed-off-by: Ken Bantoft <ken at cyclops.xelerance.com>

commit 005971e2e09f76cb37769187215155d45119b275
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:25:00 2007 -0500

    Add dns/wins options to the whack struct
    (cherry picked from commit b12931dba06f3965b8aebd4691011e96b8f7e740)

commit 2f1a9cc1195310984eb45a86ef7790a4b746354f
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 15:10:42 2007 -0500

    new policy keywords for dns/wins options.
    (cherry picked from commit 41a55abae5238d2197216c4dc5d41d4e60fa31ab)

commit 85de511f97b051074028b5964a9511025522e16e
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:23:16 2007 -0500

    new keywords for mode config DNS and WINS options.
    (cherry picked from commit 17a51ef508ec890b367b9deeede82f2101055779)

commit 62e410a43a538e2da00ccf43996f924becac334b
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 15:07:50 2007 -0500

    typo fix in comment.
    (cherry picked from commit 8718968dede1c432cd16e36b9c2bf32b7b1929b2)

commit 6cd68b676db1ccfbb67e3242a2ada27d976366e8
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:12:54 2007 -0500

    Get rid of diff every time this _updown.mast.8 gets generated.
    (cherry picked from commit 33e91cc23e851c15a5e894aff614143640bd7a6f)

commit ecf45275a9c7dd4e538670be75fc01e966084925
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 15:04:44 2007 -0500

    SoftRemote client XAUTH workaround, see http://popoludnica.pl/?id=10100110
    (cherry picked from commit 7b9714fc4d5d541bffd8209c64464db431314fb3)

commit 004724d5df0175e63ee8cb55ff47378b24c0d6c4
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 14:56:29 2007 -0500

    updated examples. removed old unpatched Windows examples and OE conns
    predating the config option oe=
    (cherry picked from commit cc006b1dde0347e494b1151cb4eb33f79f35698f)

commit c1edaf75e583f1e8012e8059e1d7f60bc41c2efe
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 7 17:32:21 2007 -0500

    Rewrote delete_ipsec_sa() to use a switch statement using kern_interface,
    and added logging for unimplemented cases.
    (cherry picked from commit a1f8d85d9d29370839a20ab36f9618a3b98cb27c)

commit f5be259ee808cdc504e432da595c9fe9b5abc6cf
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 7 17:05:25 2007 -0500

    Only define extern pfkey_plumb_mast_device() with KLIPS_MAST support.
    (cherry picked from commit 2fb1ba765af0e32ee1a045b53af47217e693b41a)

commit 940fbc8f4a972334f23d9f1a9b5bf7e575ddb468
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 7 16:58:53 2007 -0500

    Only include klips_register_proto and netkey_register_proto when their
    respective support is enabled via KLIPS and NETKEY_SUPPORT defines.
    (cherry picked from commit b6d0f817086329ec4ad0b3b8d30a9523fff4accd)

commit a5f028d5972f21e28f3bc9a2b7cf081ebffeec53
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 7 16:57:58 2007 -0500

    Changed DBG_KLIPS to DBG_NETLINK (more intuitive, defined as same lelem(
    (cherry picked from commit 6698dcc8c7a0694e6fa20f7c0f021e3627b05ced)

commit 57d5772289dda41ba7d8bd9dd89b73f6da839479
Author: Paul Wouters <paul at paul-2.local>
Date:   Fri Dec 7 16:52:40 2007 -0500

    Fix comments describing #endif's
    (cherry picked from commit 6128d8723520f800b929fd5105ef339b3069ed9d)

commit 5d5f2b95751733517cb3daf538f667db1e54dd88
Author: Paul Wouters <paul at paul-2.local>
Date:   Fri Dec 7 16:40:08 2007 -0500

    Added an DBG_NETLINK alias for DBG_KLIPS
    (cherry picked from commit ff2a1ee89c7bb3c9caace10d7cc7c21c8a03df4a)

commit ea5cef4ae6f0b4e51212a9d31702f62e3b53ebb8
Author: Paul Wouters <paul at paul-2.local>
Date:   Fri Dec 7 16:37:31 2007 -0500

    Changed a comment based on Herbert's information.
    (cherry picked from commit cb4237417cc9b8c833906d4bcd86923000eb9bbc)

commit 2436665221c636b78c20daaec3be79afdcc31cd0
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 7 16:32:27 2007 -0500

    Move netlink_register_proto from within KLIPS define to NETLINK_SUPPORT
    define.
    (cherry picked from commit cced98414251f41ff0c7bbc70e90cc32f9226e10)

commit 69ba98e8fedda338a993043c9e0d834d87a00095
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 20:06:55 2007 -0500

    ESP=50, not 51
    (cherry picked from commit b6d53a7b08bc816b2b3f554f2879d8a189b2fa9c)

commit 1e4cdd58c859d49a2158ae5ed764ba0819e8ffe6
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 20:02:45 2007 -0500

    Remove old ipfwadm code. no longer supported.
    (cherry picked from commit bf7b620bb16693b9de6e01723ec27c8bb10f5ff5)

commit 04e9ab13bd60d3e72c7aafe8df9879dbc5c449a8
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 19:56:01 2007 -0500

    cleanup of _updown.netkey. Remove posix version, remote doroute function
    in ip2 version of _updown.netkey
    (cherry picked from commit 669959f1e31d330243d032d436c1114d3df66aeb)

commit ac3b04e14e76d1f3f51d2e3147e5543a6a465b9b
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 19:48:01 2007 -0500

    Added Herbert Xu to copyright string.
    (cherry picked from commit e47a2bf844ba2e25602575764c10405b1b28ec62)

commit c62e7ae1871414c6eb54bf6f83b0da1efc9f7949
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 19:41:29 2007 -0500

    Remove no_oe.conf, which is obsoleted by oe=no.
    (cherry picked from commit bc566bcc79cfeec30bdce372a518923960c440e8)

commit ed695e45eb29c5cb1124bfa0cba23feab1a8382e
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 19:27:55 2007 -0500

    Remove unused calcgoo - used to be when we provided different ipsec
    modules (i386,i586,smp,etc). This is now handled by modern packaging
    systems on Linux distributions.
    (cherry picked from commit 001285624af725e5d1087cee37d3a8f459d50668)

commit 1758f747a9223eab0fb13986996c4d6a2bd53abd
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 19:26:16 2007 -0500

    Try and unload KLIPS when using NETKEY. Die if we fail to unload and
    tell user to recompile or use protostack=klips|mast
    (cherry picked from commit 7c2cf1707349c2f8b3d26e754cef527cecf0787e)

commit 15b4f46733f716254850a406fa850f1b4fc9603f
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 19:20:05 2007 -0500

    use @@MODPROBE@@ instead of modprobe, so this works on busybox/openwrt
    that only has insmod.
    (cherry picked from commit 24b66d0e190c257e9af92724ef5ea98261ca22d0)

commit 5a807c91f03356a4c8ecf35959c7781943bad000
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 19:18:36 2007 -0500

    Enforce removal of netkey when _startklips is started, abort if we cannot
    unload. Tell user to recompile kernel or change protostack=
    (cherry picked from commit a116fc25b4a65c74a7eecfb020c056cbde4fd587)

commit a9083b1e61bc95c4f470ed349793752bd2bbe428
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 19:01:20 2007 -0500

    Only add klips, mast and netkey specific scripts to SUBDIRS=+ if they
    are defined with their USE_ setting in Makefile.inc.
    (cherry picked from commit 66aeac4882da9848d7982e3a574bc6ea601c8ad1)

commit e28f28feab75fa2f6ff25d1d153d398bc84d5555
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 14:54:23 2007 -0500

    make clean gave an error when USE_IPROUTE2 was false
    (cherry picked from commit a329b3376e43df3414534c7fc2d5e63d719519ef)

commit 3c3ae134e6b80166971ed4a97f144a02ffc3cd09
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 16:57:56 2007 -0500

    Added note about netlink_register_proto() being in a KLIPS define.
    (cherry picked from commit f4c1d5a3607b2ae7b38e30e0dabf4bb4e9d7d0c6)

commit 04d70465ce24c202f68520dd88150f1bd0d4e84f
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 30 00:28:10 2007 -0500

    Add done to final1.sh - seems to ensure it actually gets run and
    we get results from the ipsec look.
    (cherry picked from commit ca9589be31e19f717261916b3095a06a92aeffd1)

commit 3caad4521ad0e461d8f5a32db8483830454d70ea
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 29 16:58:37 2007 -0500

    Added comment at unreachable code
    (cherry picked from commit b96ae0ad365567a1db61a7fce95077f60db9844c)

commit e17095b79db627752df5bbfefabad48e2883f9c9
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 29 16:40:06 2007 -0500

    Add case for PPK_XAUTH in osw_free_preshared_secrets() and free the
    memory used by s->pks.u.preshared_secret.ptr
    (cherry picked from commit ff7fb1ec0c10f9628c6d24e3fe314b792d983c91)

commit 4716be5be190c8bf419119ecd16e2c6f5e5998d4
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 29 11:26:21 2007 -0500

    Group USE_IPROUTE2 next to USE_NETKEY since there is a dependency. Comment
    about it. Change "# include foo" to "# Build foo", since it does weird
    colour highlighting in vim because it thinks it is an include statement.
    (cherry picked from commit 278a743445313649898cf8e26b875e6a57af8327)

commit 24d45ca932e23a26d4927760de4a3f7036289474
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 29 11:22:52 2007 -0500

    Don't allow building _updown.netkey without USE_IPROUTE2
    (cherry picked from commit 90f08f806ef155912faf827a4d36503868a7e2fb)

commit 0123b2081012705dc8b7f482688c5c0cd0baa472
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 29 11:20:56 2007 -0500

    Remove the empty *route functions, as apparently shell functions cannot
    just contain comment lines. Also removed the full functions in the posix
    updown version (which I don't really think we would ever support on netkey)
    (cherry picked from commit 96ce3daeefe87fbf887f29b57b869239360bc3be)

commit 7af1967b6a7525c865526ad6a43924ff0782ecd4
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 29 11:09:02 2007 -0500

    change version to reflect this is a snapshot and not 2.5.15
    (cherry picked from commit 12792c9a607febab8aad498d7a6470b137365ea3)

commit e7ac3043e3029495521be97289a6c8f93c5ce117
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Nov 28 01:09:02 2007 -0500

    Fix missing comment hash
    (cherry picked from commit 65ef2acfbe26af847426fd66fba8e58352d8c1ea)

commit 65227b33c289de78ace6dd648826ea9420faf9f5
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 27 17:01:40 2007 -0500

    add target for _updown.netkey
    (cherry picked from commit 01a7ef74a0e830484d16c7fdbc07030f8912c868)

commit b6b86331de1d1df5422699c96c6227694d525dc3
Author: Paul Wouters <paul at paul-2.local>
Date:   Wed Nov 28 19:34:42 2007 -0500

    List kernel version for "ipsec --version" on OSX
    (cherry picked from commit ac0c13845dc2dec6c7fed84c21db482f975e3bed)

commit 2ebf9a567cb041411ed4bfc88c6956d494d83424
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Nov 28 18:43:28 2007 -0500

    Changed USE_KERNEL26 to USE_NETKEY and rewrote the comment lines around it
    to be a little clearer about what this is.
    (cherry picked from commit e07d00792fc3a61597de2746209730aae74476d8)

commit 657b7433e5174c421da34e5284bfa87f307796de
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 14:51:24 2007 -0500

    Added _updown.netkey
    (cherry picked from commit d293174b3182d25ea49b331f23c8228e5963a911)

commit 4c911d96b0167ae01bd74c3439095acbc2daab28
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 27 16:49:47 2007 -0500

    Added logging for case where _updown returns a failure.
    (cherry picked from commit 6943318b08fbd9a7f5af7c311178a9b4c78021b3)

commit 30723e8b17255243226a5dc9088a768039b4e09c
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 27 16:48:59 2007 -0500

    Add PLUTO_STACK to the list of env variables to set in do_command_linux,
    so that _updown knows to call _updown.netkey on NETKEY based systems.
    Also updated the PLUTO_VERSION number from 1.1 to 2.0.
    (cherry picked from commit 5f6bcd1e0513f9a47ddf3c9a26db41cdca2f47c1)

commit 13d039a83073d0cc21d254fc839fcca25fb65087
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 27 16:41:52 2007 -0500

    fixed comment in last #undef, mistakenly referring to KLIPS instead of
    NETKEY_SUPPORT.
    (cherry picked from commit 7b8f703d5a01566d91b29057321324dc4ebd1c01)

commit 6f8bcd2e31cc93b85945a22653c0a4a7c997f0e2
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 27 16:28:08 2007 -0500

    Only log parent1 type when MORE or CRYPTO debugging is enabled.
    (cherry picked from commit b5947366c65d3789e582f59bb4ceaf2a9247f053)

commit a6f5ffaa8f1818922ddd817fb4acec303b1fb238
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 27 16:13:15 2007 -0500

    Add spaces in output of module loading in _startnetkey
    (cherry picked from commit 3ca8392af35d64cef5894c390544a7ad1c3d4c34)

commit 47c4c63ef2cfcfbf9111a07a7acffa2af0e95f9e
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 27 11:26:01 2007 -0500

    fix missing ;
    (cherry picked from commit cc00ea7e2818f6c05d556ce5189ee1da27d59d84)

commit 264ec861b5f8d6ed21b9b5652fd9955464a1093e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 27 07:56:16 2007 -0500

    added some devel aliases to help life.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit f2020be6fd0efeed909053099a3b53462cbfdccf)

commit c95a06b06d4910b010a4e9383dca64e2a8383461
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 27 00:08:56 2007 -0500

    Updated man page for _startnetkey.
    (cherry picked from commit 03b959d0db45918ffa16b54953301a36b4e1819c)

commit 5d144405c7d98bf7a6e2f42e89c5207e9c352e8a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 27 00:01:17 2007 -0500

    add a newline after the many loaded modules output.
    (cherry picked from commit 7894a802113c468d7110f78ca6a389ab1480f74a)

commit 8d48c268603464833a11342ca1e9d3d40b98ae56
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 23:59:49 2007 -0500

    Remove all code for putting the default interface or route into the
    info file. This is to ensure that any script depending on that while
    using netkey will explode, so we can fix it to not mess with the
    routes when using netkey.
    (cherry picked from commit 08a009f9ef131ce3809e289dd0cfe5df427f82d9)

commit 4d313f222c916cb044a14a477c723af6d2444c16
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 23:58:48 2007 -0500

    Completely redone module loading for NETKEY and Crypto API. Now load all
    the xfrm* modules and crypto modules.
    (cherry picked from commit 35f22e4008e741302d9818059432a3e2a54e4ffe)

commit 4c3b191614ab33d88877e73fbb7d67ce656ca792
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 23:50:50 2007 -0500

    Added /proc/crypto to barf output
    (cherry picked from commit f04037680c23874f179994b9c5f3ebd33a516e43)

commit d94e176f17c80880847e735f65413ffaeb3bb8dd
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 23:34:52 2007 -0500

    Remove all NETKEY modules in shutdown in _realsetup, currently:
    xfrm6_tunnel xfrm6_mode_tunnel xfrm6_mode_beet xfrm6_mode_ro
    xfrm6_mode_transport xfrm4_mode_transport xfrm4_mode_tunnel  xfrm_user
    xfrm4_tunnel xfrm4_mode_beet esp4 esp6 ah4 ah6 ipcomp ipcomp6 af_key
    (cherry picked from commit 2a0a9cd5ed66335087b819b846f597dd8d18dc8d)

commit 8a9848b993735085a10dcbb259d82ecd83232771
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 23:30:45 2007 -0500

    remove ipfwadm and ipchains checks. We no longer support linux < 2.4
    (cherry picked from commit c62d3b832237b4428e24c1d004d3214000d6738a)

commit 151e28f1b220fdd3a309fa89b23ba2c779853116
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 23:30:07 2007 -0500

    Add dumping /proc/sys/net/core/xfrm_* into barf
    (cherry picked from commit 98199f6e6bbbcf336a404a162fb756b637245482)

commit df089cdcf6a6251dbf08fed87271afe7668587b9
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 22:48:40 2007 -0500

    Added a ntohs() around a debug line printing a port number.
    (cherry picked from commit d456e48d661cde98930f2bd54fb7bcf31c267bbd)

commit 7b74dfcc1001886b42ac0c7a34a5a9df0b9bdb7b
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Nov 26 22:09:16 2007 -0500

    Add new whackrecord for west-east-x509
    (cherry picked from commit d656b4ef7905aa04ff6069b85e1c5415aa617249)

commit 049e4771a5a182f890108f129a6b441055fa9d6e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 22:34:29 2007 -0500

    Fix NAT Detection when initiator is behind NAT. port of
    http://lists.openswan.org/pipermail/cvs/2006-April/005740.html
    (cherry picked from commit 662b7ec43c04f54ccffcfc0e9f6596311ffe7fa5)

commit 3e1050cd99ba74368f4be3b5a16960323a14f7f8
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 21:39:42 2007 -0500

    Added oe= to man page of ipsec.conf.
    (cherry picked from commit 75e5398ce6bb07c32ff6f6c21b8976b15e313545)

commit 42b5f28bfc37483b1e2da7d2a027a40ece668176
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 21:22:55 2007 -0500

    added suggestion to comment.
    (cherry picked from commit bc7c98c132d4b2c6ac2ecb3e4bc6fcb72196de24)

commit 938381dd093272314a8494c2934127b2d32c824a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 21:18:09 2007 -0500

    Added comment to wrong assumption in osw_get_defaultsecret
    (cherry picked from commit 8bd130d4baa1e6d69391b0f682eb9c289873a4fe)

commit 87c013a3fddd6f792d98c3ccfde2dffa67d73d19
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 21:08:26 2007 -0500

    Added comment to false assumption in showhostkey.c
    (cherry picked from commit 7ab4ec9e388a88821c31eb8dc6746e53c920969a)

commit 96e581fe9fb7c650465dced97f8715a5ba84a812
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 20:31:05 2007 -0500

    Added testcase for ipsec showhostkey to properly not die on reading
    PSK's or other non-RSA entries in the secrets file while trying to
    grab the default RSA key for an "ipsec showhostkey --left" operation.
    Somehow, PSK_PSK is confusing showhostkey (which tells us it is PSK_XAUTH)
    (cherry picked from commit 6ed83219163ef7a42841ce2626f90b90c4f9c7a5)

commit 2d029ef9bed48101bc5bb078db4a7171e0245f95
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 20:23:41 2007 -0500

    remove ^M's in output
    (cherry picked from commit a494b63d6c732afbb3b01ceecc1f8ddbc5f84f15)

commit 15f8567e17c19d121eb4167992648fec053cf239
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 20:10:41 2007 -0500

    Log which type of key we received when we expected PPK_RSA.
    (cherry picked from commit 44fda95f9e678baaacf8e5c6ac36c899a2cf30c3)

commit 6e9c36e04ae7e5a3170048c02dc81a91be66720a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 19:38:12 2007 -0500

    differentiate the error message in the two different cases to assist
    debugging.
    (cherry picked from commit 347d27613b7b148ade83f1567e19a5483bf82dfe)

commit 453dd0f2a613ae613c21f9301855717badd11044
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sun Nov 25 11:07:57 2007 -0500

    Properly default *sendcert, so we only set it when loading a conn
    that needs it
    (cherry picked from commit 2213cb7034e918d2be1ac11948f0549ac3186353)

commit 22889640c00933f5197b90b7412a4d8e40847184
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 24 23:10:28 2007 -0500

    Default *sendcert=always This is the same behaviour as 2.4.x did.
    (cherry picked from commit 427acce976c894808a2e78a491b855a64ff51c2a)

commit 62240102fddd4cd62f514db56447280e4d467de2
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 23 11:28:20 2007 -0500

    Add final prompt to match output
    (cherry picked from commit a90a2de99ad637b9abb47d13fdb19d454eaecb8e)

commit 8ff2de7c31bba49683a42bc555a3523a683a1b83
Author: Ken Bantoft <ken at xelerance.com>
Date:   Wed Nov 21 09:08:47 2007 -0500

    Remove esp=3des-md5 from %default
    (cherry picked from commit a59c3cc4208832236ad1a30ead5bb077f774f932)

commit 8fa2ca0b1209c156ab764386e96e4f6fda08f8a8
Author: Ken Bantoft <ken at xelerance.com>
Date:   Wed Nov 21 09:05:15 2007 -0500

    Sanitize PPK_RSA Hash
    (cherry picked from commit 4e93147599e18c574b441f78df559eeba5e77f57)

commit 8c379d47789ea12407802a5d33bdf56a312a2640
Author: Ken Bantoft <ken at xelerance.com>
Date:   Wed Nov 21 09:02:51 2007 -0500

    Update to replace manual, and new shutdown message
    (cherry picked from commit 2d9176d9f420beaff252729c428457ecd63e0f30)

commit 213c062c7628b54d5d5fc5c6043d518c36297c11
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sun Nov 18 09:12:27 2007 -0500

    Remove final prompt
    (cherry picked from commit 56d1de91b45c3761af1e7ee6b759581b7265bc62)

commit 036b7932bac6fd1e0acde935da38af8ccaafeb38
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Nov 17 12:34:20 2007 -0500

    Partial fix for new KMEM_CACHE() macro in 2.6.22+
    (cherry picked from commit b7f69a4a68af86794ffdaba2d5d3d186736ada79)

commit 9fb903604f36e21d076df77bb76b4c86ad0b69b2
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Nov 17 11:13:50 2007 -0500

    Make gnu sort happier. On openwrt, old and new syntax give equally bad error
    (cherry picked from commit 54d0bbec5dd922bd574edcd9b6956ea4d0bafa2e)

commit 1d29a152cf4b309cab1218ec0ccbf615d47aae5f
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 17 13:26:20 2007 -0500

    ROADMAP is obsolete
    (cherry picked from commit 9220cd14d79d11eea3b46463a10ffb77157fcce8)

commit 66ba86aebe66d787ade626e0f739b0ea3189f6d5
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 14:42:01 2007 -0500

    ignore some additional files.
    
    Signed-off-by: Ken Bantoft <ken at cyclops.xelerance.com>

commit 51648c2fe853a6a05fbf3926a20774b91c4b42e0
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:45:22 2007 -0500

    Match output of psk-pluto-04, instead of psk-pluto-01 where it was
    copied from
    (cherry picked from commit 63c65b7f3f6ab13a6d6aaa2195e765020e94b71b)

commit e49648e1acffec72cf8a018a1926cf8f03e89baa
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:42:39 2007 -0500

    Use PPK sanitizing script
    (cherry picked from commit 9b50211d395a0d84ef520f3731bfc493b3a108a2)

commit 4502c92f279bf9ca34a08d95ce57bbe82f4bca0c
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:41:29 2007 -0500

    Use PPK sanitizing script
    (cherry picked from commit 1311f8574787500901ec9f4da07944ef20c32c4c)

commit fa80e7aa933b0d78fea3aba21858a6cc77b6a0c5
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:40:54 2007 -0500

    Use PPK sanitizing script
    (cherry picked from commit a4af0788e4992271c569618db626b1e89ec35ba3)

commit 618d7379f7ce6091f469048bbb71dab7e6624997
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:40:27 2007 -0500

    Use PPK sanitizing script
    (cherry picked from commit 3293eb552776a5bbe00b2e3546f57275a9904857)

commit b6420aae5e374e2be32001b950056a0111d514c3
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:40:01 2007 -0500

    Use PPK sanitizing script
    (cherry picked from commit 80c3b7956e69f5a1de25d1dee3a6cf8a53f5887f)

commit 6cbb8dddc4e2e008709fb1b501066fc1bd60e15c
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:39:39 2007 -0500

    Use PPK sanitizing script
    (cherry picked from commit 496dee3e4dc43dca5dc8098431f9441212aac89a)

commit e333a5148a61f0a651f6a7590e54eb28535aea1c
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:39:13 2007 -0500

    Match sanitized output
    (cherry picked from commit 7ad653b76f7898b25ccfab6a691caf99bf2f3f94)

commit fdb697628a41155105c45e02eb67c652d04d7950
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:38:32 2007 -0500

    Match sanitized output
    (cherry picked from commit b9660f2e9d7df25d1d9984ba856a342a024edf35)

commit 96b9a0c76c8533c64f1e0cdc89742c9e1681864c
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:37:57 2007 -0500

    Match sanitized output
    (cherry picked from commit 6b8d06bbdaca65e1e862187ccd52ea9ed5d17538)

commit bb5b9631f0282f1cf8e1f9813dfdccf8ee36f1e5
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:37:14 2007 -0500

    Match sanitized output
    (cherry picked from commit ad1c762b3b13f40f8db0ad22fcdb1037201150ac)

commit a64de5c431559a26add98068e71416f91e28fdc8
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:36:04 2007 -0500

    Update for new log message
    (cherry picked from commit 8e5581fc4b9a4438cf522ca765825900998ce28c)

commit 691fe7429941c2fafbd9b4eef67d7580f8e3ec47
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:35:39 2007 -0500

    Update for new log message
    (cherry picked from commit 8d6d7afd57c0163c936166ab08fee40f297bc7f1)

commit edfbcd52b88d5d93eca15a657f4aebef4dca0330
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:35:14 2007 -0500

    Match sanitized output
    (cherry picked from commit 56f5bb17d8e71ae6ee2d0ff02b67853ef71e03bb)

commit d462454ba8c87a1b3adf592c7bffa6dc6bd1948d
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:34:47 2007 -0500

    Match sanitized output
    (cherry picked from commit 97715449640616618a0723b014b2728eac4d9988)

commit 0d10ee8c5e86eb0d8c79aabffb75914226245073
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:33:32 2007 -0500

    sanitize the PPK_RSA keys
    (cherry picked from commit 215af778d871c1075260484bf0e760b4b01d1649)

commit 7e6f9069501458c257a1cd399926a0262c0ed9dd
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:24:19 2007 -0500

    Match new restart output
    (cherry picked from commit d414d7fdd2717c6610b0bf8994d01b571dbe2577)

commit 975c811fd5d1d36ae727d3a327c1432d7c8dc74a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Nov 16 02:17:39 2007 -0500

    fixed netlink kernel code to get list of algorithms from kernel using
    old pfkey interface.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit 8aeccc421e9cb1d997e8afd4ff0b601c7f490d83)

commit 171d8444f117d9470593b441b6d0ad581a3d9dca
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 16 01:16:03 2007 -0500

    Fix brackets on SKB_RESET_NFCT case
    (cherry picked from commit 69dd4034c6b6cdd58193af5974746c26a51c527d)

commit 23ecac77e0bbd0edabf71460d71ce54ea4f610a2
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 16 01:06:34 2007 -0500

    updated changes
    (cherry picked from commit 3d17490bd75cc86bfe082d87080d0fa8807a4e43)

commit c9b87e10e1a76f209b2470c32ddbed41cf56b320
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 16 01:05:55 2007 -0500

    On 2.6.23+, sk->nfct is part of skb but only when CONFIG_NF_CONNTRACK or
    CONFIG_NF_CONNTRACK_MODULE is set, where previously this was handled with
    CONFIG_NETFILTER.
    (cherry picked from commit 8df044744fd2b7f24f5d480b955d45b91f196dd4)

commit 59024777c07ef75144ddc48894ddde2a620ca3d5
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 15 23:11:21 2007 -0500

    updated changes
    (cherry picked from commit 669350d94d7f9ddcc14da0c2ddddc0149a99deea)

commit 8f169f62c66d0cb8e5ec5d6d0ddd7b97bc02b086
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 15 23:08:25 2007 -0500

    Fix for 64bit big endian machines where a cast for struct in_addr was
    wrong. This resulted in KLIPS dropping all NAT-T packets with the
    error:
    
    klips_debug:ipsec_xmit_SAlookup: checking for local udp/500 IKE packet
    saddr=a010c92, er=0p0000000000000000, daddr=a010f17, er_dst=0, proto=1
    sport=0 dport=0
    klips_debug:ipsec_xmit_encap_bundle: shunt SA of DROP or no eroute:
    dropping.
    
    Patch by [dhr]
    (cherry picked from commit ba3ac115fbcdf2a85b8a2fafde6a0dd63f61fcce)

commit 4b20a946d6cacb171c2ddefe24a5a809ee1ee81c
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 15 23:06:06 2007 -0500

    Added log message to openswan_inet_add_protocol() if we fail to register
    our protocol with KLIPS (eg ESP because esp4 module is already loaded).
    We didn't notice this failure before. Also unload any protocol that we
    did manage to load before we hit an error.
    (cherry picked from commit da452b1b3a483932cc00f7ac1cbdd5e29b2ad379)

commit 15924c35c9c49fee91aef9629d9f1f8037dbf2b4
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 15 21:03:47 2007 -0500

    Don't set HAVE_UDP_ENCAP_CONVERT for 2.6.23+ kernels yet, as the kernel
    code for that support in ipsec_tunnel.c isn't finished yet.
    (cherry picked from commit 8acafed5fc06b8e126ef8203d4dae325f0e853df)

commit 96f72a0a24312deee534c51d919d5e2779162f8d
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 12 10:24:43 2007 -0500

    Added a check for suse kernels using SLE_VERSION_CODE and define (or warn)
    HAVE_NEW_SKB_LINEARIZE for SLE_VERSION_CODE >= 655616
    (cherry picked from commit b55ed041461d1db33f14150eef405caefc62d449)

commit 9ef7802f9631f61416a8a13c30139e42c107e302
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 03:05:20 2007 -0500

    Grammar check
    (cherry picked from commit 0f1ce28219ef4e6860f99e0adb11ffc242c16229)

commit a9f757769d05c2d7728baa2920eb8a4f63d72947
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 02:48:33 2007 -0500

    Better comments
    (cherry picked from commit 4f6073d6e01636c5199dfb79ec0346b058067b3a)

commit f143e12c882b2a0cfc49fcb9d736dc98ddece733
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 02:42:07 2007 -0500

    Revert "Off by one in comparison on checking key lengths"
    
    This reverts commit 8fd4e1ace5a7bc7348a88df32b9df0132dccfb00.
    (cherry picked from commit c4e37b2846a8baf1d4c5f49ca1945b7e729673c5)

commit f82b5a01d15dd4499b86e4a6472ca5d53ce43329
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 02:40:13 2007 -0500

    Off by one in comparison on checking key lengths
    (cherry picked from commit 8fd4e1ace5a7bc7348a88df32b9df0132dccfb00)

commit ed5064943f54a54287a6f45df654c69c3158a064
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 02:26:14 2007 -0500

    Duped code
    (cherry picked from commit 50f58b667a9cc964f1d37bf2f0f6f390e659c062)

commit 3e1824fe5b68107b25d783aba4c5dfc6b8343328
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 02:22:54 2007 -0500

    Update/revise/cleanup
    (cherry picked from commit 3f539b1c8de3873a847161e76051229f0a8d6e32)

commit 151167984daad6657904ed99f8595fb0c42c54f5
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 01:56:25 2007 -0500

    Typo
    (cherry picked from commit 7e41dccda1ac69ecbf09374e6f02e16f66967969)

commit 93b2a4997b30ab13130698a4dbdc566cceaba373
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 01:52:21 2007 -0500

    Clean + document xauth kludge
    (cherry picked from commit b1b410ca45946b13be3c72659d998643c7533d2d)

commit d7e6a3bdb9e078f950c30d8b62346291604f3c38
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 14:31:05 2007 -0500

    Remove #ifdef VIRTUAL_IP to clean things up a bit - there's no reason
    not to compile this code in all the time (though it isn't much use
    without -DNAT_TRAVERSAL)
    (cherry picked from commit 1f01ceb91b51a5e85a4ac8c8e81e60439408fe74)

commit 32233471c2dd662dfe22f780b8384e891a36642c
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 00:36:28 2007 -0500

    Remove obsolete code
    (cherry picked from commit 060af833f3377cd43ce7a9180bebe294ad604f5f)

commit 426d748b5bc161e598cc014d8a17c4e10e138ef1
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 00:30:11 2007 -0500

    Make comments match reality
    (cherry picked from commit 505d8cb849ca15a83d0b406a60c511ab27447306)

commit 6e731b00b29d159610ec024423355f7029e2ba71
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 00:24:06 2007 -0500

    More useful error message
    (cherry picked from commit a5099aa823e42a118db1f03ebc41375612564cd7)

commit a1e05bb6b1f84ba8093ef44324c80d72bf5bf17b
Author: Ken Bantoft <ken at xelerance.com>
Date:   Wed Nov 14 22:49:27 2007 -0500

    Fix comment
    (cherry picked from commit ea77bb746a6035907813afb28f4a0cb5b3d8e666)

commit 08521373d5962c3ac6ae0040c6fcc719d70df109
Author: Ken Bantoft <ken at xelerance.com>
Date:   Wed Nov 7 07:37:59 2007 -0500

    Fix NAT-T consts
    (cherry picked from commit f2215f54153b22e74853dfb115aec19095e32e49)

commit 0372e07139545227191b840002c48ae2920dcbdf
Author: Ken Bantoft <ken at xelerance.com>
Date:   Wed Nov 7 07:22:32 2007 -0500

    Update for new log message
    (cherry picked from commit 7c6847db42e3aa191e5f8f429b2cf47263b07cd5)

commit 11b2b4ad68d1b3261574f4bfee7a7edeb585b1d7
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:42:14 2007 -0500

    Update for new log message
    (cherry picked from commit 9bdbae79d585fa4a8c77edac66350d9ccd3030ec)

commit 58ef33261047458148753c36a4af2c177d87a6d7
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:41:58 2007 -0500

    Update for new log message
    (cherry picked from commit 82de64548a52bc260f081d840dab3a76d1e96607)

commit a022df05320853d6b2baa49aaf89e83923adca43
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:41:41 2007 -0500

    Update for new log message
    (cherry picked from commit 2d688dd45784856149120973ecbe8734c5015f2b)

commit e4ce48956c228273fdadad182340b66c789a8e06
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:41:11 2007 -0500

    Update for new log message
    (cherry picked from commit b02f82dd1a3c4252f94c4dfe747c02946af09162)

commit cca8903bf633eb7e91521751e040080043fb4d8b
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:39:57 2007 -0500

    Update for new log message
    (cherry picked from commit 3c6f4104ab2f159888baa5705cd2b16e2e84b7bc)

commit 9f1255ad56130fe9ca48de9bee9caae308335d1d
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:39:43 2007 -0500

    Update for new log message
    (cherry picked from commit 107ca74b62fadc7a4cf6e70448fb261af419a617)

commit 03fa6020bd5074e2240a245261417cd0ba0623f7
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:39:07 2007 -0500

    Update for new log message
    (cherry picked from commit f09f89436a0fc197c10cb754c9e3289f84fe2529)

commit df534e7cd36a25ebb4de7eab8cb4bf5aae85f124
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:37:43 2007 -0500

    Update for new log message
    (cherry picked from commit 85223f80771659352e51bbf33916e1a5735e1a34)

commit 723f57d250a4aeec7499efa2a20c1739f7ffb485
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:37:34 2007 -0500

    Update for new log message
    (cherry picked from commit 4d419c5465fe032b1ef6e60be76c0506302ac209)

commit 6258160c52aa2984b1e94e5a9212dee77c7befdc
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:37:10 2007 -0500

    Update for new log message
    (cherry picked from commit 12b27eb58a263459143f711b4e933818ffb9ac26)

commit 80fa17c586c57d6dc1f40e94cea3a9ff320f8ee3
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:37:01 2007 -0500

    Update for new log message
    (cherry picked from commit 243257ff072e4c5c6123cb4bd4bbde61644da280)

commit c9db3672fa265e8386dd172e9b196a6b437685c5
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:36:36 2007 -0500

    Update for new log message
    (cherry picked from commit d2be7684ac7d5343e7343e921f7a7233be8c63a6)

commit 891b664676b6ea905939dfebfc1926dfadc7fe5a
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:36:27 2007 -0500

    Update for new log message
    (cherry picked from commit 1b6529ba7899437ea5ee83091885c2f91c0b1215)

commit e285caa1b9dd37bb9c5bcee1a4d18173117faad3
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 5 14:22:38 2007 -0500

    preliminary code for 2.6.23+ nat-t support.
    (cherry picked from commit 999d241907bde88ae59e54e3029309f49ceae278)

commit 35971bb7582e3e05d0a5d47585255ddd93e30c85
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 14:27:15 2007 -0500

    #838 - sanitize out address from list of kernel algorithms
    
    Signed-off-by: Ken Bantoft <ken at cyclops.xelerance.com>

commit e28685b88c65bdb521cccb8ab5bd47c6509784c3
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 14:20:56 2007 -0500

    fix of a merge error.

commit 9da13fa4151e0b5cef183e3316b95c9d4207a7bf
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 5 13:20:59 2007 -0500

    Don't check for the nat-t patch for klips on 2.6.23+ before attempting
    to build nat-t support.
    (cherry picked from commit d4b53855d7cb207c4ba070a46f09f72145a4e1e7)

commit 6bfffa42d14e4669935dcb1c05853c9b1fa3595c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 5 12:49:09 2007 -0500

    new encaps code is in 2.6.23+, not 2.6.22+
    (cherry picked from commit d349f1882f22a925e45d62edbf80dafe32d55260)

commit c2f655332ec08ce4b535b5120d51157bb31173f7
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 5 12:43:56 2007 -0500

    Added check for 2.6.23 to enable IPSEC_UDP_ENCAP_CONVERT.
    (cherry picked from commit ba89c7e59ce606d5e3f2ec173097c7278cd2f261)

commit 89d4805ef22b77f203c137e0075c3fd428c99e9f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 5 12:42:31 2007 -0500

    Moved check for 2,6,21 to proper place.
    (cherry picked from commit 975830b53724297baffe20319b18eba7a58b038f)

commit cf7653345e53a12d28453663c38dfee29db9c432
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 5 12:41:49 2007 -0500

    Remove duplicate 2,6,20 check.
    (cherry picked from commit 131c852cdc4c79b27dff8e8fb1957f0fb35cb015)

commit 27c4238db5a8521e556a79585e7fa3e37c4982d4
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sun Nov 4 10:08:55 2007 -0500

    Fix spelling
    (cherry picked from commit bf0fa47079b779953c2d864ea90c296337381e5e)

commit 6b14662f2966d1e3bf01f982e4af2f5920976434
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 14:56:49 2007 -0400

    changes to NAT-T vendor ID, fixed to make test case pass.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit f3a4c57e3cca974d2bb776d1a063cfff3178bab7)

commit 7fa043f398d316bc8075cc33bcaf76425654aa89
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 14:41:00 2007 -0400

    fixed various typos/merge errors, removing wrong merge code.
    reapplied KLIPS_SATOT() to ipsec_sa.c (as it has been refactored),
    and removed all remaining CONFIG_KLIPS_ALG.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit bc666c1376b97b7c90d0885e01105d4838592070)

commit e325968e9c6b6d4d96e410fabe6125a4f56660d7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 14:03:50 2007 -0400

    added changes from 2.4.10
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit 31f92cfbded671aacd6beb9e1dcf22ca1b2ca8ec)

commit 3211550c9eadcdf9192f5dc83b14a98ced4fabda
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 14:18:12 2007 -0500

    pullup of 2.4.10 fix for #802
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit cc328bfc9736c0732df3d4f0ddc11129bb36f073)

commit 7b71ecd7ced161d34ea345699ce086e1d9c807fb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:25:11 2007 -0400

    updated l2tp examples to match new code (17/0 issue)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit 8e06f66acf4cd80020b4534ce7ba604d8618221e)

commit a1ac6895837a90927ab4bc185e078400511eef90
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:24:33 2007 -0400

    lsb says that exit codes from init scripts are more complicated than 0/1.
    do not use the word "running" in any output, where openswan is not in fact
    running.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit 84965c92d3de66831745308a563ce2140be3c27c)

commit 808d56eee6b3ad9add133ae4052e772b0ad43a01
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:23:01 2007 -0400

    make CONFIG_KLIPS_ALG set by default, let some people override
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit ff1f79aaac577b8adbd149a8440aa944f474f8f9)

commit 738cd9927656086fc956c86f28fe7453733c4140
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:14:21 2007 -0400

    make sure that backquote is dropped when we pass items to the shell.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit 9baca3cc5fc3e0e84a80a6deb487209b018c688a)

commit eeb96340c9f34772db643bab3a37d68f673bd8db
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:07:05 2007 -0400

    uClibc's resolver is to be considered "OLD"
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit 520c64ef305cafca1ce0c7110a9f86c4a115eb43)

commit edb73ea05218800ce869cbb771f7fb29983d4d47
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 13:43:49 2007 -0400

    Make sure that all linking for pluto directory is done with LDFLAGS
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit e61f64fbc5975de8abc48d86ebafc48f89b0697a)

commit aa5e27c5819d62551a3086fcd6fb574fd0407f83
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 13:42:51 2007 -0400

    PAM required dynamic linker (-ldl)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit 3bd288d502e98e2f2a5d0dcf45c51ef32923d2b4)

commit cbf44f304e609dc3d08d8eaa714bd2832cfe429d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 13:41:37 2007 -0400

    remove erroneously committed merge cruft.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit 345b6aae6212a7d4ce3edad1c0a391745fab926a)

commit 9ae9ca6acd875625d4aa48f8c9e90fe199a88930
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 13:33:54 2007 -0400

    use proper modprobe for openwrt.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit 74865ffc9ce06064c9098d7fa97b3c88943ea49c)

commit 162ef47784cb08b19feee90837c31a766a68fe8c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:04:58 2007 -0400

    be tolerant of having thousands of interfaces.
    "ps -p" is not part of busybox.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit d398eb4609f804d2bd81e3c571f2ce972fad1fe8)

commit 34fd417c236b7344d7192d5da16ba6aba7ed336a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:04:10 2007 -0400

    added redhat-rpm-config dependency
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit 839201375ced94645f39e584d472b7930a0ee32d)

commit 206455b733676a5eebde5df4083e556d57294a2f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:03:53 2007 -0400

    install startup script in proper place, use explicit path to insmod.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit a9b5eaf76c93ccbed0d4bf0889c8654a23877530)

commit c8f33fa00366cd5f5d10e7f2f3f23200447664b9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:03:12 2007 -0400

    turns off UDP checksums (for transport mode) by default.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit 6269c9192f12eedc810f389f2ed83664d17b1453)

commit 77501e87d4270629956c3c6f480e830f6771b014
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:02:30 2007 -0400

    do not calculate SA strings, unless debugging is on
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit f6744d5ef6541bdea924280211f8d7b8ec0945da)

commit a56eeecdbc180dd41278dd49cca3cb2b57aac5cc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 11:59:44 2007 -0400

    added prototype for strstr
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit d6fa30af7eb98a52189399e64f2de6f03f408db0)

commit a9a3c2fbe7e4aad501eec767821b854c9666afc0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 11:59:23 2007 -0400

    patches for 2.6.22, skb-pointer-changes
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit 288529a2325e07b8945f890cc5185d21eb245c71)

commit 5d8384020a00eea5094d6d443c5e7d772a5afba6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 13:03:57 2007 -0400

    Fixed some merge problems against 2.4.10 changes, and remove some experimental MCR code
    relating to non-BEHAVE compliant NAPT.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit 42c7973dbc55130ba19bf85e7fa5ff5ca7fbc9d7)

commit 4f62dbf2ff6207078730a69cfd6b45432663c412
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:58:22 2007 -0400

    cherry-picked a06e7cd23a08e82c315048cfc2f2839989e8f9f0 and friends for more VIDs
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit dd23aa2f0de21a3ccfae8c0b1e81ec9c3378dbaa)

commit ac311117f86a29adda1d856f7026dcfec4cf0797
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 14:13:56 2007 -0500

    make cross-compilation/embedded systems easier by letting FINAL* be
    overridden in Makefile.inc (care of davidm at snapgear.com)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit a96acadc35dd662b04588595e29c90acd62c2816)

commit d65b4c9e578e2b3b8e4bb675eb6615bf2b1863b8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 11:42:41 2007 -0400

    changes for 2.4.9
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit 0802e451a8894f466933ce5bb56bd79a1c85450b)

commit ad2ae95616107ce2db3c48e4417d2ececeb42a98
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 11:42:25 2007 -0400

    use a more portable way to check for super-user
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit 45e0103259e05882bca95436214c1e3380ee49dd)

commit 7c440f5fa866e0cc2a837641ee4759fc0b25ac84
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 11:40:33 2007 -0400

    turn debugging of NAT-T changes off unless asked for
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit 48a6f1e4867838d292e5595a9d93403511b2f153)

commit 60a6bc2d6814c40b7ddd4b94e3b10943f7fe9e0b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 11:37:38 2007 -0400

    	using custom auth algorithms. This is bug #811. Patch by "iamscared".
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from commit 4a637aa3701fb5907b0c0cafa1e0e7f59eae9a81)

commit 975ea49604102be93e7b6a78700b620a3e395d00
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 14:12:07 2007 -0500

    initial fix for NAT-T + aggressive mode.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 47eac0e32e4081d1660937402487375b57b0ceba
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 14:07:37 2007 -0500

    Ignore parentR1duplicate
    
    Signed-off-by: Ken Bantoft <ken at cyclops.xelerance.com>

commit 5fc713bf715e178cf48d95d214569e067e2a344e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:32:10 2007 -0400

    tentative changes to make KLIPS do NAT-T with 2.6.23.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 511ad011fb339b72a4ef4f9557e7aa3228df51ab
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 14:05:17 2007 -0500

    Massive cherry-pick snafu.
    
    Signed-off-by: Ken Bantoft <ken at cyclops.xelerance.com>

commit 6a99fc20fd5e4e68049dd07ee1aa495f4d1accea
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Oct 29 00:35:08 2007 -0400

    1st pass at test cleanup

commit 04ea2cb3da92325755e131852c15a19c49db42b3
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Oct 29 00:07:55 2007 -0400

    Revert eroute - look includes this, and worked

commit e81301b629e627472a31af489db9f1ae65b5469c
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Oct 29 00:03:26 2007 -0400

    look at eroutes

commit 324fa73c85b7aaf12fdb708d4c2f922ce789dfd5
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 13:56:02 2007 -0500

    Adjust to 4168

commit acc242f985ec5c52059791409a1b5d8b1bf13066
Author: Ken Bantoft <ken at mbp.local>
Date:   Sun Oct 28 23:48:50 2007 -0400

    Fix placement of type=

commit 8aa54271219344da4d1ddd69eb2f8c28c62b3a00
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Oct 27 20:08:19 2007 -0400

    Added missing space (bug 861)

commit b3de6c85e8288bdd3021b16575c94ac793ecc059
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sun Oct 21 11:50:18 2007 -0400

    Add esp0x...  message that is now printed

commit dfb6b9e6cff4e4d480a0cf08d7c152768a7a286c
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 13:50:35 2007 -0500

    make sure to set socket family for originating port number.

commit 867edc97a3026c11d65109cfbd6d826e1a24204a
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Oct 20 16:58:41 2007 -0400

    Add VID's for Vista (from Openswan 2.4)

commit a9b08db7add61d8ce9a609dc4c2be62e01131e78
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 13:42:00 2007 -0500

    set sin6_family for IPv6 sockets.

commit 89c20aad3d71e544315dd75d10b6f10197d11701
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Mon Dec 17 13:22:22 2007 -0500

    adjusted makefiles to srcdir properly, if not already set.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    
    Conflicts:
    
    	testing/lib/libpluto/Makefile

commit 96a8150b53c66ae700bb1491baa2ae85b015b671
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Dec 17 13:04:37 2007 -0500

    Fix klips vs.  netkey tests

commit a9a0d729f2f5e0618ce0453f090987b1b7034085
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 17 12:00:42 2007 -0500

    #383 -- update for HEAD of tcpdump (2007_12_17 version)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 00223868adc0b2e546d0930969c6584e98033a7a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 17 11:49:44 2007 -0500

    #838 - missing seam_vendor.c
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit caa4265a59e70bc1f5264cbf6cd84c6b74a2e0b9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 17 11:44:13 2007 -0500

    #838 - sanitize vendor ID
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c2ff70235cead6a20ebcf83aa45b1ed3ca0f7c53
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 17 11:30:12 2007 -0500

    #838 - sanitize address in #2 state object.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit cb805f279d1a287b3f74f009838c1f3478688369
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 17 11:25:14 2007 -0500

    Fix variable name for testing netkey stack in startklips

commit 5e68fe2eaaad6f26f9dc9739971072df38372954
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 17 11:11:41 2007 -0500

    fixed ikev2 key derivation test case to deal with ikev2 changes.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0358b4f87129acb733be164f76c7b24c40f8f088
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 17 01:02:01 2007 -0500

    #838 - adjustments to unit tests to reflect changes to debugging and
    	host/network presentation of SPI#
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e479d2318fe391e4bc5ff90d679664ffae26ce93
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 17 00:55:21 2007 -0500

    #838 - key derivation code was hard coded to INITIATOR only --- added role.
    	dump derived CHILD SA keys.
    	install inbound and outbound keys on initiator.
    	select SPI# only once.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 50c922468b621dc582edb8a7a5d02cacbfe93510
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 17 00:47:32 2007 -0500

    #838 - fix typo in DBG flag.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9b3fa3a440e861850e0246252052a23ffa6d2d98
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 17 00:46:17 2007 -0500

    #838 - test case for functional IKEv2 system test.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3e3bddaf72e519232f7e61af4907a1daa6573c88
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 16 23:54:05 2007 -0500

    #838 - make IKEv2 debug keys only logged when debugging is on.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit dac4f865be2a030d0c4776055fb535ef987c1146
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 16 22:41:07 2007 -0500

    #838 - make sure that whack_sock is closed properly when the negotiation is
    	completed --- pending list retains the whack_socket, so we should
    	use that for the child SA state rather than duplicating our own.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7ce64c163518797f54b97b2aeeff2bd1320decb7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 16 22:38:16 2007 -0500

    #838 - first attempt to interoperate with self.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7164b6f2b1452bf4b601c6104bcbae503e4622e3
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sun Dec 16 20:37:38 2007 -0500

    Cleanup switch case

commit 158209cd3d4888fee82a8e1a11f207a47ab2ac0c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 16 17:10:06 2007 -0500

    #843 - child SA keys are not installed properly.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6a0adb17431c011bb56cb06b0ecb07499e8132b1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 16 17:03:38 2007 -0500

    #843 - install SAs into kernel only once, and do not calculate
    	keying material until just before we need it.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2b6e1f551d14b3c7df21d2a57abb3817b334966e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 16 17:01:50 2007 -0500

    #843 - ikev2_derive_child_keys() was called earlier than necessary,
    	and the inbound IKE SA was created twice because it was thought
    	that it would be useful in the initiator. The initiator can not
    	do this.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f4593b76657df3d2f5808b935ec27a0369e8657c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 16 16:16:48 2007 -0500

    #843 - update parent state to show authentication has been successful
    	at I3 stage.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4da0f8e21d5ddd58c9e345c9193b53e949075a77
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 16 16:14:36 2007 -0500

    #843 - intern child states at appropriate places when we think we are committed to the state.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 11a36f7f51951729c3ced601a3561b68aff3b5cb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 16 16:14:10 2007 -0500

    #843 - unit tests with proper msgid in packets.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 27e791755894307a221895c343abe4a9f53733a7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 16 15:52:38 2007 -0500

    #843 - processes msgid=0x01 packet properly.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 14e9e8011ecf2acfaeea6d05bb59488ac5013b94
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 16 15:51:42 2007 -0500

    #843 - added test case for duplicated I1 packet --- should be processed only
    	once on responder.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b7c26a49faf785fef98ce9c8525ac5bddb95f0b9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 16 15:42:30 2007 -0500

    #843 - fixed a memory leak in duplicate_state,
    	and emit the I2 message with proper messageID,
    	handle retransmitted packets (needs test case still).
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit bc6b4c990a913d06e063c7b1a2facd9fc787cc1a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 16 15:41:43 2007 -0500

    #843 - emit I2 message with proper message id (=0x01)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ec74ed0c4b0d9db6aeebe1b54b269f34d99ecf00
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 16 10:33:19 2007 -0500

    #843 - derive child SA keying material, and transition to a child SA
    	state. This requires that certain operations now must use
    	the "parent" SA state to do operations.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a7b2964e1c527d2c37d65d16e175c0b828b32bc5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 16 10:32:05 2007 -0500

    #843 - test case for creating CHILD_SA keying material, and installing it.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 99829c62e8dbf835734e15fb3326fb86dd973cc9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 15 22:38:57 2007 -0500

    #843 - ikev2 child_sa key derivation code.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit cd89a82a29c033b56f65c33c44e201d65b559bef
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 15 22:38:24 2007 -0500

    #843 - moved key derivation code into programs/pluto.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e9c2fcfeb5e4d8104841377d18312f70f9308aae
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 15 22:03:40 2007 -0500

    #843 - to support IKEv2 CHILD SA calculation, a number of things
    	were moved around, and integer turned into enums.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 63ec765e538418b879e2bc739abceb0f6309a477
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 15 22:00:32 2007 -0500

    #843 - key derivation code for child SA.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c11dca5bf03a57964d2b46522e167b0fe194be8f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 15 14:58:51 2007 -0500

    #843 - test verifies IKEv2 key derivation of child SA material.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6e0b6925915ec74e14854f3acf3ad70398801abd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 15 14:47:53 2007 -0500

    #843 - fixed up rsa v2 test case to remove explicit addresses in sanitizer
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5fd3f9fd56c4b05c207188ec5305849f8305891c
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Dec 15 08:22:34 2007 -0500

    Fix syntax - this is a switch, not a label

commit 0dad9476918e7148c1a41e785db85b78eed72b2e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 13 08:02:59 2007 -0500

    #843 - skeyidcalc needs ikev2_prfplus.c
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 46614fd264333e287dd9f05354a3c14d561906a3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 13 07:59:34 2007 -0500

    #843 - split out prfplus function
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 299f0ac6b252b5525957bb18c2160b03192afa21
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 13 07:59:20 2007 -0500

    #843 - setup for deriving ikev2 child keys -- split out prfplus function.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d518143eda0aa12d66e3934341ef8797f6e6e7be
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Dec 12 23:59:00 2007 -0500

    #841 - processes TSi/TSr packets.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3e65b6dcea0b65e99357208a13d95d42f40eafee
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Dec 12 23:57:53 2007 -0500

    #841 - test case for parsing TSi/TSr in R2 and I3.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a7d1b05173b5d33a2d23c56377002be0493333ce
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Dec 12 22:25:47 2007 -0500

    #841 - parse provided traffic selectors and try to fit them into provided connection.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f0770d51a34b385adaa0737ec28b806a9d1c6226
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Dec 12 21:37:43 2007 -0500

    #841 - ipaddress difference code --- used to pick best traffic selector/
    	policy match.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 86216e4dbe4db79e0b4badb2aabc18a3f4fd694e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Dec 12 08:06:18 2007 -0500

    basic code to do estimation of distance between two IP addresses.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3da37a5c8e54f72496460e00329f3024964a52dc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Dec 12 08:05:44 2007 -0500

    missing include file for test cases.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8fa24fe88446d68e57828a19ff06e4a2e1453b0f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 10 20:02:51 2007 -0500

    #841 - install IPsec SAs at appropriate times, and process SAr2.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c657c16e0e81920faff284cc7e06a7b786011805
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 10 20:01:23 2007 -0500

    #841 - state I3 now receives SAr2.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ebaeb4871bb0e070bf5423c908e6f4435c2a0523
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 10 01:55:39 2007 -0500

    #841 - responder now emits TSx -- refactored call to ikev2_emit_ts, and installs inbound and
    	output SAs to kernel.  No keys derived yet.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9d137bdfba2d0aa704c61bc34f55ecb4b45d85de
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 10 01:53:03 2007 -0500

    #841 - send R2 packet with SAr2 and TSi/TSr
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1da015d7435157d903c313b67459d88dfd3bec79
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 10 01:33:01 2007 -0500

    #841 - move sa_v2_convert() to ikev2_parent() so it can convert the correct
    	SA definition --- don't overwrite the child sa with the parent SA.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4bb17004129d8fddde47f7e5149b96790a9f8a9a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 10 01:32:17 2007 -0500

    #841 - I2 was emitting the PARENT SA as the CHILD SA due to extra code in ikev2_out_sa().
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 11eb5ebbbf8b47a71739e2b0ed84de7afe0925d6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 10 01:19:39 2007 -0500

    #841 - process incoming child SA separately from parent SA.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b1a441219998496f1e0910a49d0b18664a4fb42b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 10 01:19:25 2007 -0500

    #841 - process incoming child SA, attempt to respond (fails)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b277113465d4b9773bd7e71da25ecfdcc60db91b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 10 01:02:05 2007 -0500

    #841 - handle differences in ikev1 between PARENT and CHILD SA definitions.
    	In ikev2, the parent uses the same algorithm name space as the IPsec SAs.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 29b4374bb04e8cda21585b9f4e8a50076edb4706
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 10 01:00:52 2007 -0500

    #841 - test case for converting v1 CHILD SA definition to v2.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit cbdfdd9df7fafce1aaca9db6b310161f3d0c34a9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 10 01:00:37 2007 -0500

    #841 - adjustments for parentSA member addition.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1c3bded6538fdddb33c5437b296380b574c0ed57
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 9 23:13:22 2007 -0500

    #841 - convert parent and child SAs differently.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b9f237db92032619d63bb160ec1ffaecb866b6d1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 9 23:12:39 2007 -0500

    #841 - change db_attr structure to distinguish between oakley and ipsec attributes
    	(in v1 land), such that when transformed to v2, it makes sense.
    	This requires that the db_sa have an attribute indicating if it is a
    	parent or child SA definition.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 072d3bc2f663bd3b78195777268be0b640862021
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 9 23:11:00 2007 -0500

    #841 - changed ikev1 attribute definitions to enum.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b07cdbb6c366981b17ab550fc82fdd16d1dde741
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 9 23:09:59 2007 -0500

    #841 - corrected a call to parent_sa to child_sa.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 75e7c8b2bb1988eaedf459fe6c882d4794e90aea
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 9 20:37:33 2007 -0500

    #841 - the transform count now depends upon parent/child SA
    	make sure to copy the results into st_oakley in the parent.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 30eddd4da882bafdf0ed5ef8ca2f9176e38669cf
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 9 20:37:01 2007 -0500

    #841 - fixed transform count to be 4/3 for parent/child.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6c86c9250b3416c701105df208c45763b4151191
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 9 20:26:43 2007 -0500

    #841 - correctly set NEXT_NONE when ESN won't follow.
    	- set gotmatch=FALSE for parent_sa calculation.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c2482d205f71bf2b4b030c1b1f4413a61bd73487
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 9 20:26:07 2007 -0500

    #841 - removed erroneous ESN attribute for PARENT_SA.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ad2a65494a598d58adb3c367be29bd62c3397ba0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 9 18:17:16 2007 -0500

    #841 - refactor SA comparison routine so that it can do CHILD_SA calculations
    	as well. Use trans_attrs structure here to act as the common structure
    	for doing SA comparison calculations.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 27de540886a77a980d3ae651d4f90ce6d2a1524b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 9 18:16:18 2007 -0500

    #841 - restructure the oakley_trans_attrs and the ipsec_trans_attrs
    	such that they use a common "trans_attrs" structure everywhere.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 91cc2692c5822e02b38f681b015aac8fddb41aa5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 9 13:26:56 2007 -0500

    #841 - change argument order to ikev2_parse_sa_body() to avoid confusion,
    	and refactor a bunch of code to permit separate routines for
    	parent SA and child SA processing.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c2b7ca5c852540f44589a6a011a73294c107a754
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 9 13:25:53 2007 -0500

    #837 - when decrypting the packet, make sure that the pbs used for
    	the cleartext does not "disappear", as it will be referenced
    	by the child PBS structures.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f249d4517e418863b30ca3bdba412943c82ba890
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 9 13:25:09 2007 -0500

    updated dependencies to include ikev2_child.c
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 149e33df1d0b05a80d6b9407686c6abf13b3814f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 9 13:24:37 2007 -0500

    #841 - process incoming SAi2 packet.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit fbf2d50303c0e351916a8998d804fc2ed2429df3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 9 13:20:03 2007 -0500

    #841 - mock ipsec_get_api() should return in network order to keep tests
    	host order independent

commit 4a14b7b36a6f88badfd7b9d6966397528e639890
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 9 12:28:26 2007 -0500

    #841 - emit Traffic Selectors into I2 packet
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f3c4a6daee3117f9fb4eeadfdd605533ccc5aba1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 9 12:27:20 2007 -0500

    #841 - test for inserting traffic selectors into I2
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1cb6b87c5ab9d931b35a008cb5a96bb3da490da9
Merge: a1f8d85 483f027
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 7 18:26:23 2007 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#testing

commit a1f8d85d9d29370839a20ab36f9618a3b98cb27c
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 7 17:32:21 2007 -0500

    Rewrote delete_ipsec_sa() to use a switch statement using kern_interface,
    and added logging for unimplemented cases.

commit 2fb1ba765af0e32ee1a045b53af47217e693b41a
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 7 17:05:25 2007 -0500

    Only define extern pfkey_plumb_mast_device() with KLIPS_MAST support.

commit b6d0f817086329ec4ad0b3b8d30a9523fff4accd
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 7 16:58:53 2007 -0500

    Only include klips_register_proto and netkey_register_proto when their
    respective support is enabled via KLIPS and NETKEY_SUPPORT defines.

commit 6698dcc8c7a0694e6fa20f7c0f021e3627b05ced
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 7 16:57:58 2007 -0500

    Changed DBG_KLIPS to DBG_NETLINK (more intuitive, defined as same lelem(

commit 6128d8723520f800b929fd5105ef339b3069ed9d
Author: Paul Wouters <paul at paul-2.local>
Date:   Fri Dec 7 16:52:40 2007 -0500

    Fix comments describing #endif's

commit ff2a1ee89c7bb3c9caace10d7cc7c21c8a03df4a
Author: Paul Wouters <paul at paul-2.local>
Date:   Fri Dec 7 16:40:08 2007 -0500

    Added a DBG_NETLINK alias for DBG_KLIPS

commit cb4237417cc9b8c833906d4bcd86923000eb9bbc
Author: Paul Wouters <paul at paul-2.local>
Date:   Fri Dec 7 16:37:31 2007 -0500

    Changed a comment based on Herbert's information.

commit cced98414251f41ff0c7bbc70e90cc32f9226e10
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Dec 7 16:32:27 2007 -0500

    Move netlink_register_proto from within KLIPS define to NETLINK_SUPPORT
    define.

commit 201078575efa5b5b87506ecb25bbdc8ca4a683a3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 6 21:46:05 2007 -0500

    #841 - added SAi2 payload to message I2
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit fba042024cb8a2d8b81d9071afa031330be6d91e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 6 21:44:45 2007 -0500

    #841 - added SAi2 payload to I2 message.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit be8951b4841e72017f114fe7303d5ea890e22826
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 3 22:16:45 2007 -0500

    #845 - fixed RSA signature setup as a result of fixing initiator/responder
    	create/verify operation.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 483f027719ebf83288bac265c7cfa6bbd8dd3a59
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 3 14:53:51 2007 -0500

    sync'ed openwrt Makefile with nbd.

commit fe789235d9c08c1a90bed9c1bca4504ca93bac0c
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Dec 3 10:40:06 2007 -0500

    Fix check for "klips and netkey" loaded.

commit 5ba77a8a3f3f6f57464058b1a08df4bff4c2a28f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 2 22:46:52 2007 -0500

    #845 - added proper v2 IDs for 3DES.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1d799c4f1e8d468d5d6c0224e828e4100b21ec5e
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Dec 2 21:45:46 2007 -0500

    Added testcase for bogus leftover entries in the kernel policy db when
    using netkey

commit da178d5d8d1a300382d5e96f17dfac066b89519a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 2 21:41:57 2007 -0500

    #837 - close out the whack_sock properly so that whack will exit,
    	but for now, do not create pending phase 2, as the initial
    	CHILD_SAs can be created during AUTH period of the parent.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8c6782474cb71e0e5a47033c9bc13fe43d36ffd8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 2 21:41:03 2007 -0500

    #837 - minor cosmetic cleanup.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d0b3208183f180c2b8b79ecc78d12adf342762c7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 2 21:40:45 2007 -0500

    #837 - adjustments to calculation of idhash --- show inputs and outputs,
    	and adjust which role is assumed when verifying.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7e47cb82a17b662e4b1fe4b758a5887517ad6114
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Dec 2 21:30:23 2007 -0500

    Don't use ipsec look but use ip xfrm state and ip xfrm policy in netkey-pluto-01

commit fd9d40e84f8abe4de659669a7adc5f6c018555aa
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 2 20:33:46 2007 -0500

    fixed up makefile --- bail if iproute2 not set.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit fcc27f61c3b594922c4e30ff5063f00c38786aae
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 2 17:49:41 2007 -0500

    #837 - rsa signature needs to be based upon first packet sent, but verification
    	is based upon first packet received.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 29eea9a3fff5b3138138306c303208b84e4d1fca
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 2 17:48:56 2007 -0500

    permit makefile to override notion of where top is.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 71d3f3904ef9f85228c3bc357ef39028abff6340
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 2 17:48:32 2007 -0500

    #837 - must hash first packet received separately from that which was sent.
    	added Makefile.depend to help with rebuilds.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3a180bdae24b4acbebd62cac00ac1617847a0569
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 2 17:06:42 2007 -0500

    #837 - added role to RSA routines to be able to pick the proper nonce (Ni/Nr)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6e9be162bfb2366e33643ea80e14f9cb9fd08536
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 2 17:06:24 2007 -0500

    update make dependencies
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ce983b94ed0c77d30a0e257fd40dfa77877f34a9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 2 17:06:01 2007 -0500

    #837 - added debug of hash inputs to RSA verification routine.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5b9bd0037204b61ce78d5c534ae94e5b89f858fa
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 2 17:05:43 2007 -0500

    #837 - added role to mock rsa routines.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6924277fa46f6d13020acd0bb6e26f9e2443e92d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 2 16:45:08 2007 -0500

    #837 - refactored v2AUTH payload calculation into send_auth()
    	make auth payload a valid payload to receive.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 521e2a2a6bea95af94b9e055809f99b64a62a55e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 2 16:44:20 2007 -0500

    #837 - authentication of I2 and R2 test case.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0acecb8cc42a0cbb17c3109387fec976ffcb51a3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 2 15:37:10 2007 -0500

    #837 - permit AUTH to be received during R2.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3fba817ca0c498e50c07e50d94b3e2744acea75e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 2 14:52:28 2007 -0500

    #835 - verify IKEv2 RSA signatures.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0eabbd3f5dba1e02be51cb94984d76a41332a962
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 2 14:52:08 2007 -0500

    #835 - test case for generating and verifying IKEv2 RSA signatures.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b339e191ec4dac4f6c988faf8bb2aeabb2127bc5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 2 14:01:40 2007 -0500

    #835 - moved DBG_dump_pbs() to packet.h
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a8b2a9f15d72250b970f8aefce64ad11eca1cf7d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 2 13:47:47 2007 -0500

    #835 - refactored v1 SIG/RSA key finding code to permit a different underlying
    	signature checking algorithm
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit eb6354d28f7dab66162da4e70a4e600feb60e810
Merge: 90e1627 b6d53a7
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Dec 1 13:53:52 2007 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#testing

commit b6d53a7b08bc816b2b3f554f2879d8a189b2fa9c
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 20:06:55 2007 -0500

    ESP=50, not 51

commit bf7b620bb16693b9de6e01723ec27c8bb10f5ff5
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 20:02:45 2007 -0500

    Remove old ipfwadm code. no longer supported.

commit 669959f1e31d330243d032d436c1114d3df66aeb
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 19:56:01 2007 -0500

    cleanup of _updown.netkey. Remove posix version, remove doroute function
    in ip2 version of _updown.netkey

commit e47a2bf844ba2e25602575764c10405b1b28ec62
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 19:48:01 2007 -0500

    Added Herbert Xu to copyright string.

commit bc566bcc79cfeec30bdce372a518923960c440e8
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 19:41:29 2007 -0500

    Remove no_oe.conf, which is obsoleted by oe=no.

commit 001285624af725e5d1087cee37d3a8f459d50668
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 19:27:55 2007 -0500

    Remove unused calcgoo - used to be when we provided different ipsec
    modules (i386,i586,smp,etc). This is now handled by modern packaging
    systems on Linux distributions.

commit 7c2cf1707349c2f8b3d26e754cef527cecf0787e
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 19:26:16 2007 -0500

    Try and unload KLIPS when using NETKEY. Die if we fail to unload and
    tell user to recompile or use protostack=klips|mast

commit 24b66d0e190c257e9af92724ef5ea98261ca22d0
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 19:20:05 2007 -0500

    use @@MODPROBE@@ instead of modprobe, so this works on busybox/openwrt
    that only has insmod.

commit a116fc25b4a65c74a7eecfb020c056cbde4fd587
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 19:18:36 2007 -0500

    Enforce removal of netkey when _startklips is started, abort if we cannot
    unload. Tell user to recompile kernel or change protostack=

commit 66aeac4882da9848d7982e3a574bc6ea601c8ad1
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 19:01:20 2007 -0500

    Only add klips, mast and netkey specific scripts to SUBDIRS=+ if they
    are defined with their USE_ setting in Makefile.inc.

commit a329b3376e43df3414534c7fc2d5e63d719519ef
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 18:47:14 2007 -0500

    make clean gave an error when USE_IPROUTE2 was false

commit f4c1d5a3607b2ae7b38e30e0dabf4bb4e9d7d0c6
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 16:57:56 2007 -0500

    Added note about netlink_register_proto() being in a KLIPS define.

commit 90e16278bf7a313257df966024d943e5ab4c028a
Merge: 8a2aac2 ca9589b
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:49:42 2007 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#testing

commit 8a2aac2a47d62a3711c6c93eff72339059707fcf
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:45:34 2007 -0500

    updated changes.

commit 17f413efe59d45094f4eebfa24c1320c7914a989
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:40:22 2007 -0500

    Added new keywords to confread

commit c18ed44e1c2cc6ee12de7d81ed177658e74f5a69
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:39:52 2007 -0500

    transfer DNS/WINS options. (should this only happen with NAT-T?)
    Added workaround for SoftRemote clients using phase2 IV instead of
    phase1 IV. Workaround disabled per default.

commit 009e8618559fedf53f4c1f9b6629e513f84d9b4f
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:34:45 2007 -0500

    Add WINS/DNS options to whack.c. Act on modecfg DNS/WINS options.

commit eea3413f0703203c14ec875b3c29bfe6fa4c13fa
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:33:16 2007 -0500

    Add DNS/WINS options to man page for pluto.

commit 9dfaf5bec502be5127257d00320403394a91a820
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:32:43 2007 -0500

    Add DNS/WINS to the conn struct

commit 2a177ce73c02a06f669bf3eb6d02966d796200ea
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:32:28 2007 -0500

    Copy DNS/WINS information from whack message into conn struct.

commit efc3e31bce3fa37b78d7f5346b489279d11ee2b1
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:31:09 2007 -0500

    Added keywords modecfgdns1,modecfgdns2,modecfgwins1,modecfgwins2

commit b12931dba06f3965b8aebd4691011e96b8f7e740
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:25:00 2007 -0500

    Add dns/wins options to the whack struct

commit 41a55abae5238d2197216c4dc5d41d4e60fa31ab
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:24:17 2007 -0500

    new policy keywords for dns/wins options.

commit 17a51ef508ec890b367b9deeede82f2101055779
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:23:16 2007 -0500

    new keywords for mode config DNS and WINS options.

commit 8718968dede1c432cd16e36b9c2bf32b7b1929b2
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:14:05 2007 -0500

    typo fix in comment.

commit 33e91cc23e851c15a5e894aff614143640bd7a6f
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 01:12:54 2007 -0500

    Get rid of diff every time this _updown.mast.8 gets generated.

commit 7b9714fc4d5d541bffd8209c64464db431314fb3
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 30 00:43:27 2007 -0500

    SoftRemote client XAUTH workaround, see http://popoludnica.pl/?id=10100110

commit ca9589be31e19f717261916b3095a06a92aeffd1
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 30 00:28:10 2007 -0500

    Add done to final1.sh - seems to ensure it actually gets run and
    we get results from the ipsec look.

commit 3973bf5f8dbc0f416f23e334c7982745d09ed92c
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 29 23:38:44 2007 -0500

    Added xauth.conf example - also uses latest modecfgdns and modecfgwins
    options.

commit cc006b1dde0347e494b1151cb4eb33f79f35698f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 29 23:38:19 2007 -0500

    updated examples. removed old unpatched Windows examples and OE conns
    predating the config option oe=

commit 5fc348285c37a069077d1ac897068d7bfcc0be7c
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 29 23:31:44 2007 -0500

    testcase for modecfgdns1,modecfgdns2,modecfgwins1,modecfgwins2

commit 8711889976304460aff8f35aa1ff66295b63337b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 29 21:35:37 2007 -0500

    #835 - protect against multiple inclusion.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 320044e5af96c78914734dce73ea9983f227e95d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 29 21:32:44 2007 -0500

    #835 - protect against multiple inclusion
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a3b8c7da2458fce067d8165e7c0166e418684750
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 29 21:31:01 2007 -0500

    #835 - significant refactoring of link seams to permit rsa-v2 to work.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 30c2cfa518f9eb71512622a7344b2435bce46eac
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 29 20:46:24 2007 -0500

    #835 - split exit_log() functions out of whackmsgtestlib.c
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 53a3041654a5116458bbb9dd543fd533d37c1686
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 29 20:44:27 2007 -0500

    #835 - split seam_keys.c out of whackmsgtestlib.c
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b96ae0ad365567a1db61a7fce95077f60db9844c
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 29 16:58:37 2007 -0500

    Added comment at unreachable code

commit ff7fb1ec0c10f9628c6d24e3fe314b792d983c91
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 29 16:40:06 2007 -0500

    Add case for PPK_XAUTH in osw_free_preshared_secrets() and free the
    memory used by s->pks.u.preshared_secret.ptr

commit 93e4f9e9e9f42e9432a14a97f11a8435de917750
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 29 14:56:48 2007 -0500

    #835 - moved readwhackmsg() to libpluto.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 278a743445313649898cf8e26b875e6a57af8327
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 29 11:26:21 2007 -0500

    Group USE_IPROUTE2 next to USE_NETKEY since there is a dependency. Comment
    about it. Change "# include foo" to "# Build foo", since it does weird
    colour highlighting in vim because it thinks it is an include statement.

commit 90f08f806ef155912faf827a4d36503868a7e2fb
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 29 11:22:52 2007 -0500

    Don't allow building _updown.netkey without USE_IPROUTE2

commit 96ce3daeefe87fbf887f29b57b869239360bc3be
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 29 11:20:56 2007 -0500

    Remove the empty *route functions, as apparently shell functions cannot
    just contain comment lines. Also removed the full functions in the posix
    updown version (which I don't really think we would ever support on netkey)

commit 12792c9a607febab8aad498d7a6470b137365ea3
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 29 11:09:02 2007 -0500

    change version to reflect this is a snapshot and not 2.5.15

commit fdfe2bbf3ddbf88499cc638469bb0b5e9eae71e3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 29 10:11:52 2007 -0500

    #835 - refactored to move access hash calculation.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7fecba46dd46725e369ebb7988e695164504cfa8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 29 10:10:54 2007 -0500

    #835 - fail test case if compilation fails.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a499b32cee1d6880d09acf3b4c709661e62935e5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 29 09:37:21 2007 -0500

    #835 - added AUTH payload to I2 code, require it on R2.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7ab9dcdb42cdf9a76c6b3b9e858fe052785589ee
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 29 09:13:22 2007 -0500

    error in generation of C code --- size may be >256, it must be an int.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 45b6d3c0a7448a2e4be9f69e454a423ff6594b8e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 29 09:12:53 2007 -0500

    do not create OUTPUT link in OUTPUT dir (annoyance)
    format test output more nicely
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f4fd87559234fa10375bb992f6020d91e436fa2f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 29 09:12:01 2007 -0500

    #835 - adjusted to ignore VENDORID (as it can change)
    	include aliases to help update outputs.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 01a58852bf8fca5d5acad0bc281df182f19222a6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 29 09:10:04 2007 -0500

    #835 - whitespace change
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit bb5d1791ce73c3834637e2db41dba5dd0628678e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 29 09:09:23 2007 -0500

    #835 - added debug function to dump valid contents of a pbs
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 01329b71cfb8d34be4434127bc42cb966f1d8239
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 29 09:08:45 2007 -0500

    #835 - save initial packets for use in AUTH hash later on.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d72910845cab62c452293979c9d7d231d733b5e5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 29 09:04:15 2007 -0500

    #835 - to aid in doing rsa signature testing, let an alternate root dir
    	be specified so that stock ipsec.secrets includes/certificates
    	can be found.
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d753392707fcd48a0e7aa6be36d1793231fce559
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 29 09:02:15 2007 -0500

    #835 - whitespace changes only.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 720b5eb54ce937dc2b03292e2e32ee63741aab63
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 29 08:58:32 2007 -0500

    #835 - test case for doing RSA signature.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d4d3bd675acf6da7c2c62b712a2597ff882176b2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 28 20:39:36 2007 -0500

    #835 - test case for doing RSA signatures (PKCS1.5) and verifications.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c0c821de5da05df54264f795fd8e8426963433a3
Merge: ac0c138 65ef2ac
Author: Paul Wouters <paul at user223-86.wireless.utoronto.ca>
Date:   Wed Nov 28 20:06:03 2007 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#testing

commit ac0c13845dc2dec6c7fed84c21db482f975e3bed
Author: Paul Wouters <paul at paul-2.local>
Date:   Wed Nov 28 19:34:42 2007 -0500

    List kernel version for "ipsec --version" on OSX

commit e07d00792fc3a61597de2746209730aae74476d8
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Nov 28 18:43:28 2007 -0500

    Changed USE_KERNEL26 to USE_NETKEY and rewrote the comment lines around it
    to be a little clearer about what this is.

commit 65ef2acfbe26af847426fd66fba8e58352d8c1ea
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Nov 28 01:09:02 2007 -0500

    Fix missing comment hash

commit 01a7ef74a0e830484d16c7fdbc07030f8912c868
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 27 17:01:40 2007 -0500

    add target for _updown.netkey

commit d293174b3182d25ea49b331f23c8228e5963a911
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 27 17:00:52 2007 -0500

    Added _updown.netkey

commit 6943318b08fbd9a7f5af7c311178a9b4c78021b3
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 27 16:49:47 2007 -0500

    Added logging for case where _updown returns a failure.

commit 5f6bcd1e0513f9a47ddf3c9a26db41cdca2f47c1
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 27 16:48:59 2007 -0500

    Add PLUTO_STACK to the list of env variables to set in do_command_linux,
    so that _updown knows to call _updown.netkey on NETKEY based systems.
    Also updated the PLUTO_VERSION number from 1.1 to 2.0.

commit 7b8f703d5a01566d91b29057321324dc4ebd1c01
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 27 16:41:52 2007 -0500

    fixed comment in last #undef, mistakenly referring to KLIPS instead of
    NETKEY_SUPPORT.

commit b5947366c65d3789e582f59bb4ceaf2a9247f053
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 27 16:28:08 2007 -0500

    Only log parent1 type when MORE or CRYPTO debugging is enabled.

commit 3ca8392af35d64cef5894c390544a7ad1c3d4c34
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 27 16:13:15 2007 -0500

    Add spaces in output of module loading in _startnetkey

commit cc00ea7e2818f6c05d556ce5189ee1da27d59d84
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 27 11:26:01 2007 -0500

    fix missing ;

commit f2020be6fd0efeed909053099a3b53462cbfdccf
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 27 07:56:16 2007 -0500

    added some devel aliases to help life.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 03b959d0db45918ffa16b54953301a36b4e1819c
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 27 00:08:56 2007 -0500

    Updated man page for _startnetkey.

commit 7894a802113c468d7110f78ca6a389ab1480f74a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 27 00:01:17 2007 -0500

    add a newline after the many loaded modules output.

commit 08a009f9ef131ce3809e289dd0cfe5df427f82d9
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 23:59:49 2007 -0500

    Remove all code for putting the default interface or route into the
    info file. This is to ensure that any script depending on that while
    using netkey will explode, so we can fix it to not mess with the
    routes when using netkey.

commit 35f22e4008e741302d9818059432a3e2a54e4ffe
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 23:58:48 2007 -0500

    Completely redone module loading for NETKEY and Crypto API. Now load all
    the xfrm* modules and crypto modules.

commit f04037680c23874f179994b9c5f3ebd33a516e43
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 23:50:50 2007 -0500

    Added /proc/crypto to barf output

commit 2a0a9cd5ed66335087b819b846f597dd8d18dc8d
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 23:34:52 2007 -0500

    Remove all NETKEY modules in shutdown in _realsetup, currently:
    xfrm6_tunnel xfrm6_mode_tunnel xfrm6_mode_beet xfrm6_mode_ro
    xfrm6_mode_transport xfrm4_mode_transport xfrm4_mode_tunnel  xfrm_user
    xfrm4_tunnel xfrm4_mode_beet esp4 esp6 ah4 ah6 ipcomp ipcomp6 af_key

commit c62d3b832237b4428e24c1d004d3214000d6738a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 23:30:45 2007 -0500

    remove ipfwadm and ipchains checks. We no longer support linux < 2.4

commit 98199f6e6bbbcf336a404a162fb756b637245482
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 23:30:07 2007 -0500

    Add dumping /proc/sys/net/core/xfrm_* into barf

commit d456e48d661cde98930f2bd54fb7bcf31c267bbd
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 22:48:40 2007 -0500

    Added a ntohs() around a debug line printing a port number.

commit c0eb7ed4a5eec86765c418565acbedf10bdeb3c6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 26 22:37:52 2007 -0500

    #835 - make padding self-describing.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3f02c2b7d1783b34d996d24ab5bacc475df25c00
Merge: 662b7ec d656b4e
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 22:37:33 2007 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#testing

commit 662b7ec43c04f54ccffcfc0e9f6596311ffe7fa5
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 22:34:29 2007 -0500

    Fix NAT Detection when initiator is behind NAT. port of
    http://lists.openswan.org/pipermail/cvs/2006-April/005740.html

commit d656b4ef7905aa04ff6069b85e1c5415aa617249
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Nov 26 22:09:16 2007 -0500

    Add new whackrecord for west-east-x509

commit 75e5398ce6bb07c32ff6f6c21b8976b15e313545
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 21:39:42 2007 -0500

    Added oe= to man page of ipsec.conf.

commit bc7c98c132d4b2c6ac2ecb3e4bc6fcb72196de24
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 21:22:55 2007 -0500

    added suggestion to comment.

commit 8bd130d4baa1e6d69391b0f682eb9c289873a4fe
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 21:18:09 2007 -0500

    Added comment to wrong assumption in osw_get_defaultsecret

commit 7ab4ec9e388a88821c31eb8dc6746e53c920969a
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 21:08:26 2007 -0500

    Added comment to false assumption in showhostkey.c

commit 6ed83219163ef7a42841ce2626f90b90c4f9c7a5
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 20:31:05 2007 -0500

    Added testcase for ipsec showhostkey to properly not die on reading
    PSK's or other non-RSA entries in the secrets file while trying to
    grab the default RSA key for an "ipsec showhostkey --left" operation.
    Somehow, PSK_PSK is confusing showhostkey (which tells us it is PSK_XAUTH)

commit a494b63d6c732afbb3b01ceecc1f8ddbc5f84f15
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 20:23:41 2007 -0500

    remove ^M's in output

commit 44fda95f9e678baaacf8e5c6ac36c899a2cf30c3
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 20:10:41 2007 -0500

    Log which type of key we received when we expected PPK_RSA.

commit 347d27613b7b148ade83f1567e19a5483bf82dfe
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 26 19:38:12 2007 -0500

    differentiate the error message in the two different cases to assist
    debugging.

commit 4e24dfbd0de577b85702b756b89e5bc5396e3006
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 25 22:14:59 2007 -0500

    #835 - processing of R2 message in initiator.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0f47f3206c29f13f456dac280526c2f9085fc1df
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 25 22:13:33 2007 -0500

    #835 - test case for R2 processing on initiator.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 833c1dbe0006c872ca5748575e8730ef49dde05c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 25 21:51:55 2007 -0500

    #835 - refactored out decryption routines.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 881c51b3f266d2508b41540262748b74796aa077
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 25 21:51:12 2007 -0500

    #835 - fixed some minor comments in R2 key.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2f5511a13b6667f303e72a68b18739182627a868
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 25 20:38:20 2007 -0500

    #835 - send R2 message, encrypt it with common code.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 217c7ede90cf6d5ef2a7ae5dc4286ce35ba88451
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 25 20:37:38 2007 -0500

    #835 - test case for sending R2 message, checked with tcpdump 4 decryptor.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2213cb7034e918d2be1ac11948f0549ac3186353
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sun Nov 25 11:07:57 2007 -0500

    Properly default *sendcert, so we only set it when loading a conn
    that needs it

commit 6dc6b8172dd4ad10ad17159234f67e0e347d1fba
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 25 08:08:52 2007 -0500

    #835 - refactored message encrypt routine.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 427acce976c894808a2e78a491b855a64ff51c2a
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 24 23:10:28 2007 -0500

    Default *sendcert=always. This is the same behaviour as 2.4.x did.

commit 69beed3f2c3be3920dbf7d1432ae39aff5da77b0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 24 22:12:40 2007 -0500

    #835 - move some debugging around, cleaned up some debug messages, and
    	confirmed that responder can decode I2 packet.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 73c04d21e164078830f6064fdc2f6b720538ec34
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 24 21:18:56 2007 -0500

    #835 - renamed hash->prf_hash, and made integ_hash, and added IKEv2 names
    	for hashes, duplicating hmac-sha1 and hmac-md5 as both integrity
    	and PRF functions.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3001aedfeba0935720b3b6db9264b6ae50cadc84
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 24 18:55:27 2007 -0500

    #845 - added cryptoop name for IKE_SA calculation.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d2e759f94e7ced7d545d87c21044f7d61b8ff405
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 24 18:32:40 2007 -0500

    #845 - changed skeyseed calculation code to match rfc4306.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 26eac5b1a05af3944d9c1c1f67ff579064037d1c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 24 18:32:07 2007 -0500

    #845 - test case that matches output from safenet SKEYSEED calculation.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5cb1cb66a5b82a3d70edd4fe94b72263aaf1786d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 24 14:19:49 2007 -0500

    #835 - use tcpdump 4 to decrypt I2 packet to confirm contents are correct.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2bb3179789818e475e95d844ad9e7d19414b01e5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 24 13:58:18 2007 -0500

    #835 - refactoring and cleanup of test harness.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5f7fb89e1e8fdd2dc847660d6f93112f2ac34804
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 24 13:53:21 2007 -0500

    #835 - updates for tcpdump 4.0 (2007-11-24) that now properly prints the cookies
    	and message IDs.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4688a4d5069e454ffa727f881ea9a1cd23f459ca
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 24 10:22:20 2007 -0500

    #835 - the negotiation settles on AES128/SHA1, but the mock values were of the right
    	length for 3DES/MD5, so the calculations are not done right, and tcpdump
    	disagrees when it decrypts.
           Use seam_gi_sha1.c (values from v2-dh-07, known to be wrong, but of the right
    	length) instead of seam_gi.c values.
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1a826610eeba9e8bc7b7f7694c468b3245d5a465
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Nov 23 21:46:11 2007 -0500

    #835 - log encrypted and ciphertext text if DBG_CRYPT.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 51d232afd7bb6c7effa5607d47d9596113548160
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Nov 23 21:45:42 2007 -0500

    #835 - test case includes cleartext and ciphertext.

commit 78e95cd0b00be545319b4c96838d7f4cc85309b0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Nov 23 21:20:40 2007 -0500

    #835 - added state transition logs, and creation of tcpdump (4.0) compatible
    	secrets file for debugging of ikev2 sessions.
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 40611c1c6cc81f7f58c545897a70b7d2e7d897c2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Nov 23 21:09:36 2007 -0500

    #835 - added state transition messages, and logs of algorithms negotiated.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a90a2de99ad637b9abb47d13fdb19d454eaecb8e
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 23 11:28:20 2007 -0500

    Add final prompt to match output

commit 837ba6736edc2058ae632446c0ad3fe5d4553443
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 22 17:16:04 2007 -0500

    #829 - revised according to changes in tcpdump 4
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit fb8054b28649b4278ffbef5adad202a4dea01346
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 22 17:01:08 2007 -0500

    #835 - create ike-secrets.txt from unit test output.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b3666141a0d9e912d038539246607ff26afdc8fb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 22 00:01:20 2007 -0500

    #835 - setup for receiving R2 message.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6ea816a3141157d73a4f56f6939bdecc38d643b5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 21 23:52:59 2007 -0500

    #835 - extract correct IDi when responder.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4c1264e37340bc1e405a546073a61bc15d6b6d88
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 21 23:52:45 2007 -0500

    #835 - test case for printing decoded IDi
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 43abb6f0fd65ecceb18fd01f741a9291dbd9a30d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 21 23:47:54 2007 -0500

    #835 - refactored out extract_peer_id for use in ikev2_decode_peer_id()
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0cdff50caddc539546efd0e2f391e8c161ceab29
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 21 21:58:28 2007 -0500

    #835 - decrypt R2 payload.
    	refactored payload processor into ikev2_process_payloads.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f77f06abc5f8f7595c435471cae46b0cbc165123
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 21 21:58:05 2007 -0500

    #835 - added test case for decrypting R2 payload.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9604fc90da5e2e6271d5701f1a7085347d70f410
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 21 21:37:11 2007 -0500

    #835 - test case for matching authenticator --- ignore I1 packet parsing
    	in this test.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7293a0667e907014195ef06b3f39ebea1d9051cf
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 21 21:31:29 2007 -0500

    #835 - treat encrypted payloads specially, as the np refers to what is inside
    	the encryption, rather than what follows.
          minor fix to MAC calculation.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3c7d4254aeae1dd72d35b99dac7babcbac6d9170
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 21 20:51:21 2007 -0500

    #385 - added notification sending routines rather than call abort().
    	added inR2 routine.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a59c3cc4208832236ad1a30ead5bb077f774f932
Author: Ken Bantoft <ken at xelerance.com>
Date:   Wed Nov 21 09:08:47 2007 -0500

    Remove esp=3des-md5 from %default

commit 4e93147599e18c574b441f78df559eeba5e77f57
Author: Ken Bantoft <ken at xelerance.com>
Date:   Wed Nov 21 09:05:15 2007 -0500

    Sanitize PPK_RSA Hash

commit 2d9176d9f420beaff252729c428457ecd63e0f30
Author: Ken Bantoft <ken at xelerance.com>
Date:   Wed Nov 21 09:02:51 2007 -0500

    Update to replace manual, and new shutdown message

commit 4db0f2be488cfc98848e3dbad73777d64f9ae4fd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 20 22:15:53 2007 -0500

    #835 - basic test case setup.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9f542ccb1af6c42a4647d785fae93e5faabadf9b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 20 22:12:13 2007 -0500

    #835 - setup for parentR2 test case -- receive I2 packet on EAST.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit cbaf726a83c882d26a2e6513616fcf267b8a859a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 20 22:11:23 2007 -0500

    #835 - added error checking on pcap file input
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d4fb1f28ac472c32a813ed18cae427e274b48c46
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 20 22:10:54 2007 -0500

    #835 - fix parentI2 to match to "west" side.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f884b00acff1df28df12dc02f3b98586bbafe04b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 20 08:06:59 2007 -0500

    #835 - parentI2 should use initiator nonces and g_x values.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit abfe3a0832c6199883bc15802d4457005fdefbc9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 20 08:06:33 2007 -0500

    #835 - skeleton for parentR2 test case.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 864860d17d72bf17d3b8dd254923a5d9f14034d1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 20 00:18:13 2007 -0500

    #835 - fixed padding of cleartext, and use a copy of the IV as some
    	cipher routines will damage the IV provided.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d498de9bf3e405d4398c11cd7dc203eb31682528
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 20 00:17:40 2007 -0500

    #835 - fixed up padding of cleartext.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 343e508a808a8a24076f117027343939a71a7839
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 19 22:39:54 2007 -0500

    #835 - check that there is a responder SA payload.
    	encrypt and HMAC the output packet.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9b030d30c02cd4d1b3ac79815cf8ea6b0d2299f9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 19 22:39:20 2007 -0500

    #835 - additional debugging of the proposal matching code added.
    	make sure that the initiator check of the SA payload is done correctly,
    	and that at most one proposal is verified.
    	Make sure to examine further proposal payloads by setting np to
    	subsequent payloads values.
    	The reply transform structures were not being closed properly, and
    	were probably working by fluke.  Leave the PBS in place because
    	we will have to emit keysize attributes, which are currently just
    	not implemented.
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 90358dfcbe82243a7353172e8606cb0a548f9327
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 19 22:36:44 2007 -0500

    #835 - we need to know the IV size to use for the encrypted payload, but it
    	is almost always the same as the blocksize for CBC methods.
    	When we support non-CBC ciphers, we'll change the #define to a real
    	structure member.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1490a1de5e510dbef14d0c6867937c9ebeab6ea3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 19 22:35:22 2007 -0500

    #835 - encrypt and HMAC the I2 packet to be sent.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 94c07a47ad713ee9493b6a1b6fc89f7abe896308
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 19 22:25:48 2007 -0500

    #835 - fixed mixup of PRF and DH transid in response R1
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c3ac92d9c03c584fe242f17434725f1249a18690
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 19 22:11:59 2007 -0500

    fixed typo in RFC number.

commit 64abc6babcf16da8d6d49f767ddcf4c3bce37d72
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 18 21:48:22 2007 -0500

    #835 - put basic encrypted header into payload, and put ID payload into that.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2532c16dbbb184e9c27800ec93d7ca01bcd7179d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 18 21:44:11 2007 -0500

    #835 - test case with ID payload inside of Encrypted payload.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 56d1de91b45c3761af1e7ee6b759581b7265bc62
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sun Nov 18 09:12:27 2007 -0500

    Remove final prompt

commit cd4e0ab44a7061e0b1c6a903c4bf17bda555a064
Merge: 9220cd1 2afd376
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 17 23:50:22 2007 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan#testing

commit 9c6304aee34ccb43881e76a26a346c9e8f1c42e7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 17 14:43:33 2007 -0500

    #835 - adjust debug output from send_packet().
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9220cd14d79d11eea3b46463a10ffb77157fcce8
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 17 13:26:20 2007 -0500

    ROADMAP is obsolete

commit 2afd376936da2fda7f2a403541f397025f27e4e9
Merge: b7f69a4 9ffe582
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Nov 17 12:34:59 2007 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#testing

commit b7f69a4a68af86794ffdaba2d5d3d186736ada79
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Nov 17 12:34:20 2007 -0500

    Partial fix for new KMEM_CACHE() macro in 2.6.22+

commit 54d0bbec5dd922bd574edcd9b6956ea4d0bafa2e
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Nov 17 11:13:50 2007 -0500

    Make gnu sort happier. On openwrt, old and new syntax give equally bad error

commit 9ffe58229fdd8183fcaa0cd669c647696fd235ef
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:48:53 2007 -0500

    Use fixup for RSA keyid: lines

commit e83b1b8c2d6c0618937d5dc5eff9ec62568c4993
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:47:49 2007 -0500

    Also cleanup RSA keyid: ADEADBEEF

commit 63c65b7f3f6ab13a6d6aaa2195e765020e94b71b
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:45:22 2007 -0500

    Match output of psk-pluto-04, instead of psk-pluto-01 where it was
    copied from

commit 9b50211d395a0d84ef520f3731bfc493b3a108a2
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:42:39 2007 -0500

    Use PPK sanitizing script

commit 1311f8574787500901ec9f4da07944ef20c32c4c
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:41:29 2007 -0500

    Use PPK sanitizing script

commit a4af0788e4992271c569618db626b1e89ec35ba3
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:40:54 2007 -0500

    Use PPK sanitizing script

commit 3293eb552776a5bbe00b2e3546f57275a9904857
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:40:27 2007 -0500

    Use PPK sanitizing script

commit 80c3b7956e69f5a1de25d1dee3a6cf8a53f5887f
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:40:01 2007 -0500

    Use PPK sanitizing script

commit 496dee3e4dc43dca5dc8098431f9441212aac89a
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:39:39 2007 -0500

    Use PPK sanitizing script

commit 7ad653b76f7898b25ccfab6a691caf99bf2f3f94
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:39:13 2007 -0500

    Match sanitized output

commit b9660f2e9d7df25d1d9984ba856a342a024edf35
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:38:32 2007 -0500

    Match sanitized output

commit 6b8d06bbdaca65e1e862187ccd52ea9ed5d17538
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:37:57 2007 -0500

    Match sanitized output

commit ad1c762b3b13f40f8db0ad22fcdb1037201150ac
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:37:14 2007 -0500

    Match sanitized output

commit 8e5581fc4b9a4438cf522ca765825900998ce28c
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:36:04 2007 -0500

    Update for new log message

commit 8d6d7afd57c0163c936166ab08fee40f297bc7f1
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:35:39 2007 -0500

    Update for new log message

commit 56f5bb17d8e71ae6ee2d0ff02b67853ef71e03bb
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:35:14 2007 -0500

    Match sanitized output

commit 97715449640616618a0723b014b2728eac4d9988
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:34:47 2007 -0500

    Match sanitized output

commit 215af778d871c1075260484bf0e760b4b01d1649
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:33:32 2007 -0500

    sanitize the PPK_RSA keys

commit 29427ed2f22462df447ac9ebeb7002c465fb808e
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:32:35 2007 -0500

    Sanitize private key hashes (PPK_RSA:A........  -> PPK_RSA:ADEADBEEF)

commit d414d7fdd2717c6610b0bf8994d01b571dbe2577
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 16 05:24:19 2007 -0500

    Match new restart output

commit 8aeccc421e9cb1d997e8afd4ff0b601c7f490d83
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Nov 16 02:17:39 2007 -0500

    fixed netlink kernel code to get list of algorithms from kernel using
    old pfkey interface.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 69dd4034c6b6cdd58193af5974746c26a51c527d
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 16 01:16:03 2007 -0500

    Fix brackets on SKB_RESET_NFCT case

commit 3d17490bd75cc86bfe082d87080d0fa8807a4e43
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 16 01:06:34 2007 -0500

    updated changes

commit 8df044744fd2b7f24f5d480b955d45b91f196dd4
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Nov 16 01:05:55 2007 -0500

    On 2.6.23+, sk->nfct is part of skb but only when CONFIG_NF_CONNTRACK or
    CONFIG_NF_CONNTRACK_MODULE is set, where previously this was handled with
    CONFIG_NETFILTER.

commit 669350d94d7f9ddcc14da0c2ddddc0149a99deea
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 15 23:11:21 2007 -0500

    updated changes

commit ba3ac115fbcdf2a85b8a2fafde6a0dd63f61fcce
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 15 23:08:25 2007 -0500

    Fix for 64bit big endian machines where a cast for struct in_addr was
    wrong. This resulted in KLIPS dropping all NAT-T packets with the
    error:
    
    klips_debug:ipsec_xmit_SAlookup: checking for local udp/500 IKE packet
    saddr=a010c92, er=0p0000000000000000, daddr=a010f17, er_dst=0, proto=1
    sport=0 dport=0
    klips_debug:ipsec_xmit_encap_bundle: shunt SA of DROP or no eroute:
    dropping.
    
    Patch by [dhr]

commit da452b1b3a483932cc00f7ac1cbdd5e29b2ad379
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 15 23:06:06 2007 -0500

    Added log message to openswan_inet_add_protocol() if we fail to register
    our protocol with KLIPS (eg ESP because esp4 module is already loaded).
    We didn't notice this failure before. Also unload any protocol that we
    did manage to load before we hit an error.

commit 9a1b2f9da9382501db0d1f1247b3062979cf65f6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 15 22:51:18 2007 -0500

    #835 - added IDi payload, and recover the calculated SKEYSEED into the
    	state structure (and set it up for the mock calculation)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0cf47a11322d004eed3a387aeffdd1a456aa01de
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 15 22:50:08 2007 -0500

    #835 - added IDi payload.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8acafed5fc06b8e126ef8203d4dae325f0e853df
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Nov 15 21:03:47 2007 -0500

    Don't set HAVE_UDP_ENCAP_CONVERT for 2.6.23+ kernels yet, as the kernel
    code for that support in ipsec_tunnel.c isn't finished yet.

commit 6b3e89f8d2e34e1dd9200862fe39ae515ffaa935
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 15 11:58:31 2007 -0500

    #845 - enter in results of SKEYSEED calculation.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3b1b83e35e3d176694a2271ea656f21de9afbd70
Merge: 0f1ce28 b55ed04
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 08:49:29 2007 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan#testing

commit 0f1ce28219ef4e6860f99e0adb11ffc242c16229
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 03:05:20 2007 -0500

    Grammar check

commit 4f6073d6e01636c5199dfb79ec0346b058067b3a
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 02:48:33 2007 -0500

    Better comments

commit c4e37b2846a8baf1d4c5f49ca1945b7e729673c5
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 02:42:07 2007 -0500

    Revert "Off by one in comparison on checking key lengths"
    
    This reverts commit 8fd4e1ace5a7bc7348a88df32b9df0132dccfb00.

commit 8fd4e1ace5a7bc7348a88df32b9df0132dccfb00
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 02:40:13 2007 -0500

    Off by one in comparison on checking key lengths

commit 50f58b667a9cc964f1d37bf2f0f6f390e659c062
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 02:26:14 2007 -0500

    Duped code

commit 3f539b1c8de3873a847161e76051229f0a8d6e32
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 02:22:54 2007 -0500

    Update/revise/cleanup

commit 7e41dccda1ac69ecbf09374e6f02e16f66967969
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 01:56:25 2007 -0500

    Typo

commit b1b410ca45946b13be3c72659d998643c7533d2d
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 01:52:21 2007 -0500

    Clean + document xauth kludge

commit 1f01ceb91b51a5e85a4ac8c8e81e60439408fe74
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 01:34:37 2007 -0500

    Remove #ifdef VIRTUAL_IP to clean things up a bit - there's no reason
    not to compile this code in all the time (though it isn't much use
    without -DNAT_TRAVERSAL)

commit 060af833f3377cd43ce7a9180bebe294ad604f5f
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 00:36:28 2007 -0500

    Remove obsolete code

commit 505d8cb849ca15a83d0b406a60c511ab27447306
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 00:30:11 2007 -0500

    Make comments match reality

commit a5099aa823e42a118db1f03ebc41375612564cd7
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 15 00:24:06 2007 -0500

    More useful error message

commit 9654c5a7f6399637e54c37937336c7d26446fec5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 14 23:15:24 2007 -0500

    #835 - setup DH calculation, and adjust state structures with responder
    	SPI ("cookie")
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0c98a13ddff575731b7ad9acb1c68c056217567a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 14 23:13:57 2007 -0500

    #835 - process R1 packet, and setup DH calculation and skeyseed derivation.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ea77bb746a6035907813afb28f4a0cb5b3d8e666
Author: Ken Bantoft <ken at xelerance.com>
Date:   Wed Nov 14 22:49:27 2007 -0500

    Fix comment

commit 953b74272e3ef210aaea952b2a869415cdf4cd96
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 14 21:58:02 2007 -0500

    change order of diff operation.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7e77aa68c9d5e6bc69d2c609dc24ef8c9bad6658
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 14 21:57:31 2007 -0500

    #835 - adjust parentR1 test case to accommodate additional lookup of zero
    	responder cookie.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a0db14bda9d1fdd0c94693fb8c25891b60d8eba8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 14 16:32:48 2007 -0500

    #835 - refactored out recv_pcap_packet() from parentR1.c
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d2b161dca49adbbd748aa9c90a64a7f466eb894a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 14 11:21:49 2007 -0500

    #835 - cleanup of parentI1 test case to deal with new code in ikev2_parent that
    	requires additional seams.
     	refactored sending I1 packet out so that I2 can use it to setup
    	proper state.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1e0516b347e859ca31b4655e3c34669aa1ebb1d7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 14 11:21:07 2007 -0500

    #835 - test case of first half of second exchange.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 157b70767842f5072fe11343061db77328a391d7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 14 11:18:06 2007 -0500

    #874 - this is the correct parentR1 output (note setting of responder cookie)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2e63e458eb48a11fb3182c857fab084b32a7d2fb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 14 11:16:48 2007 -0500

    #874 - by mistake committed parentR1 output over parentI1 output.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9d417f4bb2ebb4333dda6e228e7bc0eae834f61a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 14 00:26:14 2007 -0500

    #845 - added missing files.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7a2a3bf55fc19df377e78ea61673d74656ece8b0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 14 00:12:16 2007 -0500

    #845 - revised md5/3des skeyseed output to include prf+ log.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4bd21d94ab4f41a304c0c952b883a6bfc4cfc1ec
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 14 00:10:54 2007 -0500

    #845 - dump prf+ stages from v2 key derivation.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d2ff440bd19d264cc724c2bd3bd10c5cb087416d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 14 00:10:26 2007 -0500

    #845 - test case for key derivation with SHA1+AES128.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c90c8f879022131806edacefd65ac7bb4d467a5c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 13 23:46:50 2007 -0500

    #845 - skeyseed derivation, tested using MD5 PRF.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c8ec23002ed2f598e1b6593076c85494addeebf8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 13 23:45:04 2007 -0500

    #845 - test case of crypto skeyseed derivation for IKEv2
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 02768e7cd76a465443f13f3cbf6864db268f0b52
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 12 21:18:54 2007 -0500

    #845 - beginning of DH calculation and SKEYSEED derivation.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a0d62bfd63a359af8d56667d6f8fe72ffd0e4658
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 12 21:16:45 2007 -0500

    #837 - beginning of inR1 processing.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 03ccbbf9c17c7a637c9359da22ec2eba0112d0f3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 12 21:14:13 2007 -0500

    #845 - guard against multiple inclusion.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b55ed041461d1db33f14150eef405caefc62d449
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 12 10:24:43 2007 -0500

    Added a check for suse kernels using SLE_VERSION_CODE and define (or warn)
    HAVE_NEW_SKB_LINEARIZE for SLE_VERSION_CODE >= 655616

commit 4b8e58d7b2f1641d37214cd651d34ccebade2a58
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 11 21:59:16 2007 -0500

    #845 - unit test case for SKEYSEED calculation.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d6c3e60c04341dc395a8128e94f735e5d6cd8c48
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 11 20:02:17 2007 -0500

    modified to use new seam_gi.c
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit af8072d69ffe1bbaefc82af8ea9d49f24adebd35
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 11 19:59:39 2007 -0500

    merge in PK unit test cases from 3.0ocf tree.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9505448eea58574cb31f56716cb7ba56f0d17b97
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 11 19:15:32 2007 -0500

    #874 - typo in name of IKEv2 RFC.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 215f6db2ddc79c747a3b139f49df6192bd22d683
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 11 18:35:23 2007 -0500

    #874 - responder must set its cookie and store the state.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 68fccf9c36bab73b653ed3404fcdf1b013f77814
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 11 18:35:08 2007 -0500

    #874 - responder must set a cookie and store the state.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 86ac88cc896283e01901405bcd548761565125da
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 11 17:48:01 2007 -0500

    #874 - copied diff file instead of OUTPUT file again.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b35a44a059494b35830cd24a2efd55fe57f98c43
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 11 17:46:53 2007 -0500

    #874 - inR1 should not transmit packet itself, the complete_state_transition
    	code will do it.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0c2fdf815d323ac4d1f3fd86fd12c43e628c40a4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 11 17:46:27 2007 -0500

    #874 - removed duplicate transmit packet on receiver.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0460154e3b115cdea3bbe88f96adff834832c94f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 11 17:42:12 2007 -0500

    #874 - accept_v2_nonce needs to use Ni, not Notify payload.
    	avoiding dereferencing NULL if sadb is not set.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0197fd5c341bc0446703770b73968b03fd7d3abb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 11 17:41:10 2007 -0500

    #874 - updated test case for spdb free changes.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 218669cbf7173c9460748fefcaa6a9800167424a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 11 17:34:37 2007 -0500

    change implementation of db_sa such that it notes if it was allocated
    statically or not, and frees itself if it is dynamic.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4908c26a4a2723b2045b54d9f374588ebfaee0d5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 11 14:22:34 2007 -0500

    #874 - fix up output with new pattern of leaks for properly disjuncted
    	SADB.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1d0e0e4e12a7cd8f2390326d0888e39e46aefae2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 11 14:17:22 2007 -0500

    #874 - fix parentI1 to emit correct DH group into payload
    	use global "struct pluto_crypto_req" so that it can be
    	set properly in test.
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a27157f7c378d9169b5d070f9901898d5b406af3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 11 14:14:37 2007 -0500

    #874 - use unsigned where appropriate, and process the DH group from the
    	KE payload receipt to set the group to respond with.
           use accept_KE() and accept_v2_nonce() to process payloads.
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6f03f0fab133502a7c4af46bde143690d701be3f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 11 14:02:10 2007 -0500

    #874 - refactor accept_KE and accept_nonce() so that they can be used
    	by v1 and v2.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 18d02adfe087d40b5e7633caac4eba4fcf70d0f3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 11 14:00:49 2007 -0500

    #874 - whitespace change.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit faff2711c99b7e2a49727210f2784087c30a228f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 11 14:00:33 2007 -0500

    #874 - added IKEv2 notification values (noted duplicates of IKEv1 ones)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 42b3bb378b9bf63cb185fbf6b03828a2be534a7c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 11 13:59:58 2007 -0500

    #874 - change many counters to unsigned.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8b8a09be4c1a8f4c91e613f700cbc495229657e3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 11 13:58:50 2007 -0500

    #874 - when converting SADB from v1 to v2, make sure to make disjunctions
    	not conjunctions, and number the proposals sequentially from 1
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 86cd689cbc10234b7396e1cbba76a134fb0d95ad
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 11 13:48:32 2007 -0500

    updated test case to have disjunctions of proposals rather than
    conjunctions of proposals.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1591e3255cec40941662de1ee3d3d709aa7d8a50
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 10 22:19:40 2007 -0500

    #874 - change *_cnt members in db_sa to unsigned consistently.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8304257e3f75bee519bd3d133e10f89982aca3b4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 10 20:51:12 2007 -0500

    #874 - missing refactoring of hash->prf_hash, not caught by faulty make.depend
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e1df2def7133039f16999c1498bd69b313a5fec5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 10 17:47:59 2007 -0500

    #874 - complete KE and nonce for R1 packet.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d881941ce89c6cc696642368f18729680308c056
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 10 17:47:41 2007 -0500

    #874 - test case for sending KE and nonce for R1 packet.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit fcd6d215f5b08ab4dbd7c4c4c05c5994cf34ee58
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 10 14:01:19 2007 -0500

    #874 - refactor out seam_gi.c, and refactor to accommodate calculation
    	of KE and nonce.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2a3a2f5ccc0c16abd3639982569536243b7903de
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 10 14:00:40 2007 -0500

    #874 - refactor to incorporate a continuation for calculating the KE/nonce.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d6f472672caaf9a72c7df6e7ad23d2e38ec8164e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 7 22:04:46 2007 -0500

    #874 - adjustments of closing pbs (set length correctly), and to
    	set the next_payload values in returned SA payload properly.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3ae795da95e6d531765f8e9da374859d8e875768
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 7 22:04:10 2007 -0500

    #874 - test case for returning SA payload of R1 message.
    	(KE and g^y still needed)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e1bd6fbc0a62c675b697250cdc0444b229dcadce
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 7 22:00:35 2007 -0500

    #874 - in mock send_packet() use source/destination from control structures.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b773fdb807939eda94e7baa353f66f8b4696124f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 7 21:18:51 2007 -0500

    #874 - basic complete_v2_state_transition()
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 930990d3377d5fd089e2023bf939ea563a50d07e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 7 21:18:14 2007 -0500

    #874 - unit test updated for newly written complete_v2_state_transition().
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6677b5dbb6c8d955ead0a0701f5901b3fa7cfcef
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 7 21:06:28 2007 -0500

    #874 - refineconnection unit test discovered a typo in error message.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0767569879f63f638dea911d9f790d9a6f72b85d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 7 21:05:35 2007 -0500

    #874 - fixed up whackmsgtest for new link seam organization.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 33ca15e55b2912c02ecc218c08e6daa9cc3ae1f7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 7 21:04:36 2007 -0500

    #874 - moved some link seam code around
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6b9e3d290643974f734248a2a4ae3d2ef88c06cd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 7 21:02:14 2007 -0500

    #874 - fixed up refineconnection --- now that the if-mock structures are
    	correct, the unit test has to actually use the east data.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f2215f54153b22e74853dfb115aec19095e32e49
Author: Ken Bantoft <ken at xelerance.com>
Date:   Wed Nov 7 07:37:59 2007 -0500

    Fix NAT-T consts

commit 7c6847db42e3aa191e5f8f429b2cf47263b07cd5
Author: Ken Bantoft <ken at xelerance.com>
Date:   Wed Nov 7 07:22:32 2007 -0500

    Update for new log message

commit eb460685a5c9d878aff6ae6e71eb852cc724869e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 7 00:19:36 2007 -0500

    #874 - added parse_ikev2_sa_body()
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d6343069ab7aa92081265a6d9f2a1d1c6eab6e63
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 7 00:18:50 2007 -0500

    #874 - additional hash->prf_hash rename.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d7ab558083b941dc8fad8700401b82823a3f746a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 7 00:18:14 2007 -0500

    #874 - added IKEv2 IDs to crypto algorithms
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b8810e669faf4063f983ac4f6b76fab9d80c9f69
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 7 00:16:45 2007 -0500

    #874 - rename hash->prf_hash, added integ_hash to oakley attributes.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9a2e5d0a627707fe0b71dd94cca9952c59f3ace4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 7 00:13:55 2007 -0500

    #874 - make sure to initialize the crypto functions
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9bdbae79d585fa4a8c77edac66350d9ccd3030ec
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:42:14 2007 -0500

    Update for new log message

commit 82de64548a52bc260f081d840dab3a76d1e96607
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:41:58 2007 -0500

    Update for new log message

commit 2d688dd45784856149120973ecbe8734c5015f2b
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:41:41 2007 -0500

    Update for new log message

commit b02f82dd1a3c4252f94c4dfe747c02946af09162
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:41:11 2007 -0500

    Update for new log message

commit 3c6f4104ab2f159888baa5705cd2b16e2e84b7bc
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:39:57 2007 -0500

    Update for new log message

commit 107ca74b62fadc7a4cf6e70448fb261af419a617
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:39:43 2007 -0500

    Update for new log message

commit f09f89436a0fc197c10cb754c9e3289f84fe2529
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:39:07 2007 -0500

    Update for new log message

commit 85223f80771659352e51bbf33916e1a5735e1a34
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:37:43 2007 -0500

    Update for new log message

commit 4d419c5465fe032b1ef6e60be76c0506302ac209
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:37:34 2007 -0500

    Update for new log message

commit 12b27eb58a263459143f711b4e933818ffb9ac26
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:37:10 2007 -0500

    Update for new log message

commit 243257ff072e4c5c6123cb4bd4bbde61644da280
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:37:01 2007 -0500

    Update for new log message

commit d2be7684ac7d5343e7343e921f7a7233be8c63a6
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:36:36 2007 -0500

    Update for new log message

commit 1b6529ba7899437ea5ee83091885c2f91c0b1215
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 6 06:36:27 2007 -0500

    Update for new log message

commit 999d241907bde88ae59e54e3029309f49ceae278
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 5 14:22:38 2007 -0500

    preliminary code for 2.6.23+ nat-t support.

commit d4b53855d7cb207c4ba070a46f09f72145a4e1e7
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 5 13:20:59 2007 -0500

    Don't check for the nat-t patch for klips on 2.6.23+ before attempting
    to build nat-t support.

commit d349f1882f22a925e45d62edbf80dafe32d55260
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 5 12:49:09 2007 -0500

    new encaps code is in 2.6.23+, not 2.6.22+

commit ba89c7e59ce606d5e3f2ec173097c7278cd2f261
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 5 12:43:56 2007 -0500

    Added check for 2.6.23 to enable IPSEC_UDP_ENCAP_CONVERT.

commit 975830b53724297baffe20319b18eba7a58b038f
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 5 12:42:31 2007 -0500

    Moved check for 2,6,21 to proper place.

commit 131c852cdc4c79b27dff8e8fb1957f0fb35cb015
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 5 12:41:49 2007 -0500

    Remove duplicate 2,6,20 check.

commit bf0fa47079b779953c2d864ea90c296337381e5e
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sun Nov 4 10:08:55 2007 -0500

    Fix spelling

commit f3a4c57e3cca974d2bb776d1a063cfff3178bab7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 14:56:49 2007 -0400

    changes to NAT-T vendor ID, fixed to make test case pass.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit bc666c1376b97b7c90d0885e01105d4838592070
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 14:41:00 2007 -0400

    fixed various typos/merge errors, removing wrong merge code.
    reapplied KLIPS_SATOT() to ipsec_sa.c (as it has been refactored),
    and removed all remaining CONFIG_KLIPS_ALG.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 31f92cfbded671aacd6beb9e1dcf22ca1b2ca8ec
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 14:03:50 2007 -0400

    added changes from 2.4.10
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit cc328bfc9736c0732df3d4f0ddc11129bb36f073
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 14:02:54 2007 -0400

    pullup of 2.4.10 fix for #802
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8e06f66acf4cd80020b4534ce7ba604d8618221e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:25:11 2007 -0400

    updated l2tp examples to match new code (17/0 issue)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 84965c92d3de66831745308a563ce2140be3c27c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:24:33 2007 -0400

    lsb says that exit codes from init scripts are more complicated than 0/1.
    do not use the word "running" in any output, where openswan is not in fact
    running.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ff1f79aaac577b8adbd149a8440aa944f474f8f9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:23:01 2007 -0400

       make CONFIG_KLIPS_ALG set by default, let some people override
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9baca3cc5fc3e0e84a80a6deb487209b018c688a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:14:21 2007 -0400

    make sure that backquote is dropped when we pass items to the shell.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 520c64ef305cafca1ce0c7110a9f86c4a115eb43
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:07:05 2007 -0400

    uClibc's resolver is to be considered "OLD"
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e61f64fbc5975de8abc48d86ebafc48f89b0697a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 13:43:49 2007 -0400

    Make sure that all linking for pluto directory is done with LDFLAGS
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3bd288d502e98e2f2a5d0dcf45c51ef32923d2b4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 13:42:51 2007 -0400

    PAM required dynamic linker (-ldl)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 345b6aae6212a7d4ce3edad1c0a391745fab926a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 13:41:37 2007 -0400

    remove erroneously committed merge cruft.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 74865ffc9ce06064c9098d7fa97b3c88943ea49c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 13:33:54 2007 -0400

    use proper modprobe for openwrt.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d398eb4609f804d2bd81e3c571f2ce972fad1fe8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:04:58 2007 -0400

    be tolerant of having thousands of interfaces.
    "ps -p" is not part of busybox.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 839201375ced94645f39e584d472b7930a0ee32d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:04:10 2007 -0400

    added redhat-rpm-config dependency
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a9b5eaf76c93ccbed0d4bf0889c8654a23877530
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:03:53 2007 -0400

    install startup script in proper place, use explicit path to insmod.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6269c9192f12eedc810f389f2ed83664d17b1453
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:03:12 2007 -0400

    turns off UDP checksums (for transport mode) by default.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f6744d5ef6541bdea924280211f8d7b8ec0945da
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:02:30 2007 -0400

       do not calculate SA strings, unless debugging is on
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d6fa30af7eb98a52189399e64f2de6f03f408db0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 11:59:44 2007 -0400

    added prototype for strstr
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 288529a2325e07b8945f890cc5185d21eb245c71
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 11:59:23 2007 -0400

    patches for 2.6.22, skb-pointer-changes
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 42c7973dbc55130ba19bf85e7fa5ff5ca7fbc9d7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 13:03:57 2007 -0400

    Fixed some merge problems against 2.4.10 changes, and remove some experimental MCR code
    relating to non-BEHAVE compliant NAPT.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit dd23aa2f0de21a3ccfae8c0b1e81ec9c3378dbaa
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:58:22 2007 -0400

    cherry-picked a06e7cd23a08e82c315048cfc2f2839989e8f9f0 and friends for more VIDs
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a96acadc35dd662b04588595e29c90acd62c2816
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 11:46:49 2007 -0400

    make cross-compilation/embedded systems easier by letting FINAL* be
    overridden in Makefile.inc (care of davidm at snapgear.com)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0802e451a8894f466933ce5bb56bd79a1c85450b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 11:42:41 2007 -0400

    changes for 2.4.9
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 45e0103259e05882bca95436214c1e3380ee49dd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 11:42:25 2007 -0400

    use a more portable way to check for super-user
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 48a6f1e4867838d292e5595a9d93403511b2f153
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 11:40:33 2007 -0400

    turn debugging of NAT-T changes off unless asked for
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4a637aa3701fb5907b0c0cafa1e0e7f59eae9a81
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 11:37:38 2007 -0400

    	using custom auth algorithms. This is bug #811. Patch by "iamscared".
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9cd46a3730e1c804925c80ab049798d3a0d049d7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jul 5 20:06:29 2007 -0400

    initial fix for NAT-T + aggressive mode.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7bc2792304d7dae4332699a79663ffb9840a3065
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 3 12:32:10 2007 -0400

    tentative changes to make KLIPS do NAT-T with 2.6.23.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1883e98c35d063b2495e8846e70200a4f0f4918b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 1 09:35:33 2007 -0400

    #874 - move low-level packet I/O to server.c, to make it easier to unit test.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 03d95cc7349a77162d2bd385c07a0be60782adbb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 1 09:30:25 2007 -0400

    #874 - testing infrastructure for packet from responder.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e2ef863bfb5a66af988f4b4b77a0ff75376f8028
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 31 21:32:32 2007 -0400

    #864 - receive and decode IKEv2 parent I1 packet.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f8c876a71acff1c5156e4ed614bd73748b145bad
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 31 21:31:35 2007 -0400

    updated test case to have proper east/west seams.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5038126b322a39cec513006014e526c8424ad534
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 31 21:31:13 2007 -0400

    #864 - added packet.c to libpluto
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8a1ceabc7a100636ac5890921aa8923883c0eee5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 31 21:29:52 2007 -0400

    #864 - renamed file to libpluto.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4a3ce95791ec8405171639250f9429d8c74432b1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 31 21:26:07 2007 -0400

    #864 - moved packet.c to libpluto, and added generic ikev2 header, and re-used
    	it for a number of payloads.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit cc13b462624731c50f38feff1d0256051606d9e0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 30 10:27:08 2007 -0400

    use input file with proper IP addresses for the policy which is loaded.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 26d3067ab090fbfaa4527062adbd78e3b5c8330f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 30 10:26:23 2007 -0400

    fix mock I/O routines to use proper addresses for east/west.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 501b58cd3c58ca7f2c9305218e1d940af23b6121
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 29 10:55:05 2007 -0400

    #864 - have "make check" be quieter so that results can more easily be seen.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 07b9991f493668acd3d413bfba42032ce827863d
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Oct 29 00:35:49 2007 -0400

    Add description based on old commit log

commit 6b1ce2136916b938f39462b6c031587e7064be38
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Oct 29 00:35:08 2007 -0400

    1st pass at test cleanup

commit 9123ff815bc46a4cd65b20d0554851eb85bff12b
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Oct 29 00:12:10 2007 -0400

    Add missing final.sh script

commit 5d4f444770950dac748cb0e22f9a164a63e94d4d
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Oct 29 00:07:55 2007 -0400

    Revert eroute - look includes this, and worked

commit b718e6e39da46acfdd0151596092433352e778de
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Oct 29 00:03:26 2007 -0400

    look at eroutes

commit e47f50217cfb4a1cf0a7eeec700d1950d9e1fe29
Author: Ken Bantoft <ken at mbp.local>
Date:   Sun Oct 28 23:52:41 2007 -0400

    Adjust to 4168

commit 7fdfcee16cea4d6987e49610adc40750f7c77d3a
Author: Ken Bantoft <ken at mbp.local>
Date:   Sun Oct 28 23:48:50 2007 -0400

    Fix placement of type=

commit c575b214df86edc16d1c48777ce1683250d4581f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 28 23:46:17 2007 -0400

    #864 - initial work on parsing I1 packet, and state machine for IKEv2
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a346ebe019d18ceba87f0f49a6432ce06706e43f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 28 23:45:35 2007 -0400

    #864 - initial test case for parsing I1 packet.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0d2908e205e5e82f6d8b99093cb895901db801a5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 28 23:45:08 2007 -0400

    #864 - fixed parentI1 test case for revised code.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 92299a756cff4131a73e1e4ec903df29fe6f3c42
Merge: 2985a81 df2f631
Author: Ken Bantoft <ken at mbp.local>
Date:   Sun Oct 28 21:45:58 2007 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan#testing

commit 2985a810999537c7130f1ead01a4414ac8844c6b
Author: Ken Bantoft <ken at mbp.local>
Date:   Sun Oct 28 21:45:28 2007 -0400

    Adjust ID's to match new certs

commit df2f63138ee31bdec71f76831803cd51c19b730b
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Oct 27 20:08:19 2007 -0400

    Added missing space (bug 861)

commit e9c2b282684fc3c4ac31577539d6424057ab4ce9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 25 23:48:21 2007 -0400

    #864 - create whackrecord for responding side.

commit 14b3f6ae9217385327761827caa3211f714da124
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 25 23:47:42 2007 -0400

    #864 - initial test case for processing received IKEv2 messages.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 61ca11aa39b7d624ba5f263f0cc46bf82b09de76
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 25 23:47:11 2007 -0400

    #833 - include missing items from parentI1 test case.

commit 6e35fe51c958608430b85702927f15caffa0b934
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 25 23:44:54 2007 -0400

    #864 - refactor out seam_initiate.c to separate interface definitions.

commit 14a95244940e2c467c5e9c4e606c6788a851245a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 25 23:41:15 2007 -0400

    make sure to quote the stat, to make argument count correct.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 67548e95285fc6b86ef69573a449c2dd6277e2e6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 24 22:54:35 2007 -0400

    #833 - refactored demux.c into demux.c/ikev1.c, so that we can split out
    	complete_*_state_transition(), which will have to be very
    	different for ikev2.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7384da2c8c6de76fb15e689938887dac29ca9a96
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 24 21:40:07 2007 -0400

    #833 - initialize the sadb earlier, and from it, get the correct group
    	definition so that it can be used for exponentiation.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 65f0d8f722cfd7f0ed38858e4ca8e641a31b436c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 24 21:39:28 2007 -0400

    properly ignore testing results.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 37aed971202e7c0ea9359f0a1e88412223d1dd5e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 24 21:36:06 2007 -0400

    #833 - revised test case, this time it includes code to set up the group
    	field that is needed for the non-mock build_ke().
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6b4dd9a0c0502623f66aeeb099f755004a865948
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 23 21:44:58 2007 -0400

    #838 - test case to interoperate with self.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2cc69e147a326a02036e2e1f009751d33fa7a3fe
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 23 21:43:23 2007 -0400

    #864 - test case for processing IKEv2 messages.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 002ef2b4e62d6c939f16484c97c482ff58241e61
Merge: 454f1b7 47e1291
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 23 20:10:38 2007 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#testing

commit 454f1b735dcbf767e04d11f88f3707a31b358645
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 23 20:10:16 2007 -0400

    Show the date/time stamps used with the certificates.

commit 47e12910d171926d143416c89eca6a445bf6c509
Merge: 640bb58 ac4adf5
Author: Ken Bantoft <ken at mbp.local>
Date:   Tue Oct 23 20:09:45 2007 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan#testing

commit 640bb5807341fbe51f3d9ed71ace9d09d14b0e98
Author: Ken Bantoft <ken at mbp.local>
Date:   Tue Oct 23 20:09:19 2007 -0400

    Default to *this* month

commit ac4adf5966d23aaa7579282b884b4f5d7611796d
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 23 19:53:16 2007 -0400

    Uncommitted lingering file for include test case.

commit 2a9656bd8f35373e4934938cfbb7e2d1a3946a21
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 22 20:44:14 2007 -0400

    #833 - move location of leak_detective definition into library.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ee4b939390cc1fc1817fcd2ea86df183259a7eeb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 22 20:43:50 2007 -0400

    #833 - fix change in include file commit -> critical.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a9c2f7df84ca8b89db42391cac1d97ad24b11b30
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 22 20:42:48 2007 -0400

    #833 - use proper vendor ID.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b3f9d852bba0d653c80db8315ee8c50f49f5046c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 21 20:56:50 2007 -0400

    #833 - code to send out IKEv2 parent outI1
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 773cb3e53d6949278f5a99418c15df34a765aaa2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 21 20:56:19 2007 -0400

    clarified which kind of unit test case is being run.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d27cb74aeac128d4942fae2dff34def1ce9b0261
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 21 20:54:42 2007 -0400

    #833 - test case for sending out IKEv2 parent I1 packet.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 21c9211f7d586f52061ea767621864626ef23261
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 21 16:27:40 2007 -0400

    in order to build unit tests with leak detective enabled, all library routines, and pieces of
    pluto which are used in unit tests needs to be built with leak detective available. That means
    that really, leak_detective needs to be a run-time setting.  This doesn't mean that one can turn
    it on/off at runtime, but rather that if it is on/off is a link time determination.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a2cf0fb56bedc28bb1862562adf3661cb58d6433
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 21 15:37:08 2007 -0400

    refactor to make ke_continuation shared between ikev1 and ikev2.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 95693228f07d3e789515f00d4fa7e3135e2258ed
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 21 15:11:28 2007 -0400

    #833 - split up outI1 so that the g^x can be calculated.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit fd66320ed5c7306317b4ad8ad739712616b08417
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sun Oct 21 13:01:25 2007 -0400

    Specify touch location, as within harness, touch is a script instead

commit 6dffe2f2f8c438ef5d01277e1f2ca3241b4e55d0
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sun Oct 21 11:50:18 2007 -0400

    Add esp0x...  message that is now printed

commit 5e7a23279064c42ee52942781286afb7f52ee539
Merge: 0810c5e 6abc588
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Oct 20 17:03:55 2007 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan#testing

commit 0810c5e0607856de9f49908be73f671fe448d398
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Oct 20 16:58:41 2007 -0400

    Add VID's for Vista (from Openswan 2.4)

commit 6abc5885fbbcbee34eb4f4c6a0011fafc17a050f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 20 16:57:59 2007 -0400

    Revert "ikeping needs to set socket family when it sets the port number for the originating port."
    This was not a commit of the right file at all.
    This reverts commit 27024b9eb48b031d7c2e52f380708d77843e4fab.

commit 1b16d354ed4c2094523ab84d52fd62c5a52e42d0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 20 16:56:25 2007 -0400

    make sure to set socket family for originating port number.

commit a7d0596f4cb4e8041b7382a96ab92de000b5f522
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 20 16:11:44 2007 -0400

    set emacs variables for pluto_crypt.h
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 27024b9eb48b031d7c2e52f380708d77843e4fab
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 20 16:53:24 2007 -0400

    ikeping needs to set socket family when it sets the port number for the originating port.

commit 0c555c2396bd1efeb9346f8870c159940eed571d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 20 16:31:32 2007 -0400

    previous cherry-pick missed msgdigest.c file!

commit 0776910c9d8737b265e7d2f1af8a112971995b62
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 20 16:30:43 2007 -0400

    set sin6_family for IPv6 sockets.

commit 68ff62b2e51a9320d70b73d37c5bf0e5fdf9c154
Merge: e50689d 6f056e6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 20 16:11:44 2007 -0400

    set emacs variables for pluto_crypt.h
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6f056e6646886bc10ecc14c27d6fd80acfa49b9e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 20 16:11:44 2007 -0400

    set emacs variables for pluto_crypt.h
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b196414754663eb4afddbbabbd31611743c290ad
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 20 16:11:08 2007 -0400

    #833 - refactor msg_digest to permit it to be included without the rest of
    	demux.c.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e50689d62b5386cbf807399f2951dadff883e2e3
Merge: 5e19aca 5f468ca
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 20 16:03:21 2007 -0400

    Merge branch 'testing' of git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/

commit 5e19acaac3a884d5f40bfec955cc7d0f8793627c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 20 16:03:07 2007 -0400

    ikeping does not set the socket family when only a source port is specified,
    but no source IP address.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5f468ca5b49e35fd841973405a27335caa2d9d65
Author: Ken Bantoft <ken at mbp.local>
Date:   Sat Oct 20 15:36:29 2007 -0400

    Generate X.509 certs at runtime
    
    This ensures we have up to date certs to run the tests with, and
    that we don't lapse past expiry on certs, or run before some certs
    are valid.

commit b443c0410728a32b1e85e7b15ff83a2d0971dda1
Author: Ken Bantoft <ken at mbp.local>
Date:   Fri Oct 19 19:43:37 2007 -0400

    Delete the right crl, since we renamed it

commit 1d20ee4fa245303f7367222855a78ffe7d6e8270
Author: Ken Bantoft <ken at mbp.local>
Date:   Fri Oct 19 19:30:21 2007 -0400

    Match output of new certs

commit 5bc791611752cc39637f22053a97f41c9d43a4e3
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 19 16:35:20 2007 -0400

    Added showhostkey-03 that detects if we can load keys via an include
    statement in ipsec.secrets properly.
    See https://bugzilla.redhat.com/show_bug.cgi?id=168391

commit 42c40b91e955e2db1cbf01eca19b1c7e9950dbdd
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 19 14:11:14 2007 -0400

    Added ipsec SAref diagram to docs/

commit 8108e275d599fad86ecf195189cf06912cc444d6
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 19 12:21:19 2007 -0400

    Fix secrets file to use .key instead of .crt to point to private keys.

commit 19bf357be9bd4d8c384975bbfe99358938ae507d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 18 16:11:30 2007 -0400

    #833 - generate SA proposal payload structure properly from spdb structures.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 56033be7f1f483d015ab3017230fc7befec69de3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 18 16:11:08 2007 -0400

    fixed typo in generation of .gdbinit file.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2a91fcd9dba68b5c32b4cc63ec6ed161a5a1e850
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 18 16:10:37 2007 -0400

    #833 - the out-struct() needs to have structures that actually match the
    	on-wire packet format wrt reserved fields.
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9196e31243ab7d69d920fe2c773579e3ffe17252
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 18 16:09:23 2007 -0400

    #833 - now creates sane PARENT_SA SA proposal. KE and N payloads still needed
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 829188bdea53850b1f03283f6ffb04333abee1c8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 18 16:05:56 2007 -0400

    #834 - added missing FLAGS.spdbv2 and ignore test output from spdbv2 test

commit 8f60311d93279b9c3ab683a56761c40faf5860dd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 17 22:59:53 2007 -0400

    #834 - adjusted test case output to include decoded attributes
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4958ba6a0a6408c55c0441c08648d17cd4119642
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 17 22:56:48 2007 -0400

    #834 - convert v1 structures to v2 structures and print them all out properly.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 00a1d35106816a109c518db478936481f7998ee8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 17 22:56:22 2007 -0400

    #834 - test case to convert v1 to v2 proposals.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit cc6636ae63e0fed80cf7b683c02ecd6970173273
Author: Ken Bantoft <ken at mbp.local>
Date:   Sat Oct 13 23:54:12 2007 -0400

    Rewrote checks for regress function, as they made my head hurt
    tracking down a false failure.  We now print/log the error returned
    too

commit ebdb120f08ee8a8fbf1c3150b1d48e80a663ba70
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 13 23:16:26 2007 -0400

    added IKEv2 proposal structures, with adjusted ikev2 proposal printer.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a034e313e1e95f13cbfca86f18cd44326b33cf47
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 13 23:15:33 2007 -0400

    code to convert an IKEv1 proposal policy structure to an IKEv2 one.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 89d1b1d6f3e9a40923062f1767144b62e9adf598
Merge: e7f11d2 26fb5de
Author: Ken Bantoft <ken at mbp.local>
Date:   Sat Oct 13 20:14:46 2007 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan#testing

commit e7f11d2e36cfe1a72949a94367ac1884b5f9f32e
Author: Ken Bantoft <ken at mbp.local>
Date:   Sat Oct 13 20:14:21 2007 -0400

    manual is deprecated

commit 6cbdb7924df64918b0c0f84703574e5ee9cec6ee
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 13 20:09:03 2007 -0400

    added protocol ID as a string to spdb_print routines.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a83f0a0403950c1ee5ab864cfa50fb635dc26f7a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 13 19:44:26 2007 -0400

    possible desired output from spdb_v2_convert()

commit 392257b325ac13771a21e244055259a6d0603078
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 13 12:44:27 2007 -0400

    removed old libfreeswan search path.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 26fb5deefb6603d5b68e61e846d7ec57ac1a037a
Author: Paul Wouters <paul at paul.lan>
Date:   Fri Oct 12 16:07:23 2007 -0400

    Add mcr's example oe conn for letting dns go through %pass routes.

commit 7d8b8134020cdbe382ceb7cb97bb07830bb366c9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 12 15:51:10 2007 -0400

    #600 - resolves multiple definitions.

commit bdece0cde527c1d2b8086424ff0b8b51c480a2d0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 12 15:50:04 2007 -0400

    deprecated "ipsec manual"
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5e15ec814f04ecaee10e76f725bdae8336e11acb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 12 15:19:45 2007 -0400

    workaround for #802- "our client ID returned doesn't match my proposal"
    until such time as #849 is properly fixed.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 41ebd4822b5c9cd51b9109b0d774e11cf6c5dda7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 12 14:23:26 2007 -0400

    added note about #852
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit fa56498bd380802afab358c86dcd9dfb4727e95a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 12 14:22:18 2007 -0400

    clarified change to flow, fixing #852.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e52f3f68235763d520b62b87e3bcf295840edc16
Merge: 0e5faa3 3c1da59
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 12 14:18:00 2007 -0400

    Merge branch 'testing' of git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/

commit d22563807abb57ddc5b1269d5467b343f0962bd3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 11 22:07:48 2007 -0400

    filter out ARP requests in pcap files using no-arp-pcap2, and include
    PATH= pointing at ../../klips/fixups/.  This is due to further changes
    in tcpdump output.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 560a27094a85d8089f22bf1bc47acc021e8a6114
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 11 21:35:52 2007 -0400

    added header to fix warning.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 82b9652d3f3e79d22a32bceb3d37e046ba0b8403
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 11 21:34:42 2007 -0400

    adjusted output for parentI1
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 55753da9ceef5a71e9f563a30751f94818ba0df5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 11 21:32:03 2007 -0400

    added entries to spdb.h to store IKEv2-type policies.
    changed AD() macro to various AD_xx().
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0d4a011844f2116136cf5285e783aa07b3928472
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 11 21:28:52 2007 -0400

    added all sorts of IKEv2 constants.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b2e70aa10bcca1f78af360df11bfa934ed77b96b
Author: Ken Bantoft <ken at mbp.local>
Date:   Wed Oct 10 22:05:32 2007 -0400

    Use correct kernel.  Test still fails, as Makefile still looks for
    things in old locations - will fix later

commit 3c1da59d66645d158cfa6f6bbb29e7dce85f71ff
Author: Ken Bantoft <ken at mbp.local>
Date:   Wed Oct 10 21:42:05 2007 -0400

    Increase packet count

commit 45fc11cc5f686bcc0b555350387d7445889ba423
Author: Ken Bantoft <ken at mbp.local>
Date:   Wed Oct 10 21:41:32 2007 -0400

    Commenting out old tests we've been skipping for > 18 months

commit 8169d7f524a4d2f1136fa650c8b4ef425e491d33
Merge: beb0907 357912e
Author: Ken Bantoft <ken at mbp.local>
Date:   Wed Oct 10 17:57:31 2007 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan#testing

commit beb0907a2900fa61584f3c6a14ae5c78fb0ecac3
Author: Ken Bantoft <ken at mbp.local>
Date:   Wed Oct 10 17:53:46 2007 -0400

    pluto-alias-01 never actually existed

commit 357912efb8d8cfe44fbcc097fe095fec9b1cd248
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 10 17:33:44 2007 -0400

    Fix cert names to use .crt instead of .pem

commit e6693fbb270dbe67f008ade5cf9748cc55b2ae08
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 10 14:32:55 2007 -0400

    Fix the check for AH+ESP. It also caught policies where neither ESP nor AH
    were set (eg for passthrough) but where c->policy is set to another
    policy (POLICY_SHUNT_MASK? POLICY_OPPO?)

commit f2e7b4d0521054c3e1749ddf81060db69aa99cf1
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 10 13:58:15 2007 -0400

    Fix expected DN.

commit f1371e53d73e1263e0adf24eeeeccafe08edcca1
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 10 13:56:27 2007 -0400

    Convert DOS file to unix.

commit d0614e8f894a56dfd77b91391f9924813bb773f3
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 10 13:51:03 2007 -0400

    Fix passwords of private key files.

commit 08446e47f27ef1af5e3ea4d2ac0f43e7ce15a191
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 9 22:45:48 2007 -0400

    put gdbinfo into correct file.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 27234056ac41cee7ed9d24e17fc8c619725b784b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 9 22:45:17 2007 -0400

    output *v2*NEXT SA, and first parts of security association/proposals.

commit 33c372b38fd368ff0d8ec09c44030b95bc9bb0bd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 9 22:44:03 2007 -0400

    test case for emitting first message of IKEv2 negotiation.
    This outputs to a pcap file and then uses tcpdump to dissect the results,
    verifying if it's sane.  (It is not yet sane)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f8b0b53af166675f03df92ed44147c6abaae4611
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 9 21:15:42 2007 -0400

    added ikev2_sa and ikev2_prop packet descriptions.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0b757a4e567f7f0ce0c4c8182510725383b63ab5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 9 21:12:15 2007 -0400

    added ikev2_out_sa() skeleton function.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit cdb10a4a45f904c93bccdcd39f1dd51b758f6209
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 6 22:23:16 2007 -0400

    parentI1 unit test compiles, but now requires additional meat.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2e8bc92e5be517bc2e7c1b7b83be0459ff3770d1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 6 22:22:53 2007 -0400

    record creation of ikev2 policy for use in parentI1 test.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e7ed25ded81cee5c501e7dc6c2b6a14526394b6b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 6 22:22:12 2007 -0400

    added ikev2 flags and values.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0e5faa3525a4059dbbe2848d4ccbb6e9125f3f25
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 6 22:21:31 2007 -0400

    create .gdbinit files for libtest and multilibtest situations.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5ae416cc1238e8c34ac4ece1d73160f984edf56c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 6 22:21:31 2007 -0400

    create .gdbinit files for libtest and multilibtest situations.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 584c412454ad3af166140fc1acdd2ffeae415a45
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 6 21:39:12 2007 -0400

    renamed flag from "IKEV2" to "IKEV2ALLOW"
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7eec254e81c7d7a1b7a8e2015500972e6eb66538
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 6 21:38:34 2007 -0400

    move processing of ikev2 to confread/ so that confwrite can output the cooked
    values, which permits easier debugging of that logic.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8d47fd7d61142d3b89908bdf547962aa0d7604f6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 6 21:37:35 2007 -0400

    added new test case for ikev2=propose.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 06badf587e36f656e5de9588b6f1f0c6547cae13
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 6 21:34:01 2007 -0400

    east actually is configured to have ikev2 off.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 105316e882ec8051015f2c1ad77f1858576eb071
Author: Ken Bantoft <ken at mbp.local>
Date:   Sat Oct 6 09:25:37 2007 -0400

    Match output

commit 5d8ab42473f41bef3175ce453b126e4bf3700dd1
Author: Ken Bantoft <ken at mbp.local>
Date:   Sat Oct 6 09:24:21 2007 -0400

    Match new cert content

commit dc849c7914cae47b0facd3b3a92b4540544a1e95
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Oct 6 00:57:55 2007 -0400

    Fix references from nic.crl to ca.crl.
    Fix openssl commands used in der format conversion.

commit 1b5e66e8af74757c20fa6ce93e8b7ccb2890142c
Author: Ken Bantoft <ken at mbp.local>
Date:   Fri Oct 5 21:54:46 2007 -0400

    Fix DN on cert keys

commit a776d5a8c2295a0c30d676de5eae4b6098b82575
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 5 11:31:28 2007 -0400

    Set better defaults for OSX

commit cd24242c7a1bf2f2d27187bc71fdf379087418ce
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 5 10:21:15 2007 -0400

    make BISONOSFLAGS and make it empty by default.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ef30f73c8e027facbb0ee2e94319a4c38f8d789c
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 5 01:20:04 2007 -0400

    #if !defined(MACINTOSH) does not work. Fixed the define to properly
    recognise OSX.

commit 3095d6b0729063d16a7a935477b157915862e2cc
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 5 00:34:31 2007 -0400

    Missing #endif for do_command_darwin()

commit cb79fc4824e125a50a433cc4c6b2cec5c90d08f3
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 5 00:25:06 2007 -0400

    Added sysdep_darwin.c based on my old #macosx tree (thanks to dhr!)

commit 7f69bc575e0d20f07372dc48fc59d9e28191ff86
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 5 00:20:50 2007 -0400

    Added clarification for bzero call as comment

commit add7d5eb6e490f6a4490aa05b7eb860f8c225c2d
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 5 00:17:42 2007 -0400

    Changed whackaddrlen from unsigned int to socklen_t

commit e7c4651185955739d7ef9e038a88e8fcdfc8a065
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Oct 5 00:15:14 2007 -0400

    Added do_command_darwin() to kernel.h

commit c74d7c1a96909f198774f8d5f7bdbc6160b6d740
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 4 23:53:42 2007 -0400

    OSX defines _SYS_QUEUE_H_ instead of _SYS_QUEUE_H. Check for both before
    including our own include/sysqueue.h

commit c38a6b98e58cd416653169962bfdd4febc3a804c
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 4 23:47:07 2007 -0400

    Workaround for missing HOST_NAME_MAX in unistd.h, similar to the fix
    for id.c/myid.c

commit f2cfe88a43c7e16bb9b869c5e21ea3afc188822e
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 4 23:43:12 2007 -0400

    Remove double quotes around BISON="yacc -b parser" - OSX will otherwise
    try to start that command including the spaces in it as a single command.

commit a471beef216cf1602d41e96b0271a605425bd008
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 4 23:15:58 2007 -0400

    minor updates

commit c07436bedf1341b3555dbebdec1d416954aa685f
Merge: 09b0978 0c2b36b
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 4 23:15:33 2007 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#testing

commit 09b0978496a1e5b6151a472e51d19da2decb16c4
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 4 23:09:40 2007 -0400

    Revert "Missing assert.h (gave issues on OSX)"
    
    This reverts commit 51a5192e42d21100800e714265e18d30d4a61fac.

commit 51a5192e42d21100800e714265e18d30d4a61fac
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 4 23:07:57 2007 -0400

    Missing assert.h (gave issues on OSX)

commit d5fa097baed64708e0d5a95d290553258c1af2f3
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 4 23:02:18 2007 -0400

    Better support for OSX (lost commit?)

commit 0c2b36b7d3ac7c439475ac078a7fcaa11dfe851d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 4 22:50:45 2007 -0400

    fixed sanity converter to deal with new outputs, revised several test cases to work
    with this output.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit fc97b76697ba51a99b90ec25a5e88a3004c70b34
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 4 22:50:45 2007 -0400

    fixed sanity converter to deal with new outputs, revised several test cases to work
    with this output.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3b8a2a7766f88b1273b015c366a0d158a8bb6ecd
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 4 22:27:37 2007 -0400

    For OSX/Freebsd the address space MUST be zeroed.
    This fix somehow got lost in the lost OSX git tree.

commit fdc59e3dda7ca98e41fc5a1c7557b7090724dbf7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 4 22:11:25 2007 -0400

    refactored show_connection_status() to get show_one_connection() out.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e0b77497daa09539cdec18782bc4ba517e33db76
Merge: a3fac89 b4db345
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 4 21:31:23 2007 -0400

    set srcdir better.

commit aab798fd136c12e7663be6e673fe60d7e138b744
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 4 21:31:23 2007 -0400

    set srcdir better.

commit 1d7a0b40f972a01b9a8445e2ffb3c5f4000541c3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 4 21:31:00 2007 -0400

    added comment about hex value to help with debugging stage.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2577ca3e04029542fe1afe685496130509af0817
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 4 21:27:45 2007 -0400

    additional refactoring of ipsec_doi.c code to make unit test cases easier to link.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 93bd2f43fa3e86479d4795ebe825d9db6fbc3b8f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 4 21:24:57 2007 -0400

    parent I1 message unit test now compiles, but fails.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a3fac8901c107b5961d5890c59f25989b32f7130
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 4 15:12:42 2007 -0400

    adjusted makefiles to srcdir properly, if not already set.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d7c6fa2ee04664ea9933406a7ebc58011a716b13
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 4 15:12:42 2007 -0400

    adjusted makefiles to srcdir properly, if not already set.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d4c0de1d3b5b516fe73d52ed2c304ca45f8ebe99
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 4 15:09:15 2007 -0400

    if a directory has a global FLAGS, include it first.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0f2d1433ea3b10eded13d0a5d03ba42a226f4c74
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 4 15:08:38 2007 -0400

    add missing libraries and adjust output to match
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit df462603c6a42b5b8085fbbf4094dc8d196af2d6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 4 15:03:25 2007 -0400

     removed old cvs cruft
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0f3fa9ccd08581396341f26253f167a6eaa53fcb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 4 15:09:15 2007 -0400

    if a directory has a global FLAGS, include it first.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 735481f4ecb07579f274050ccc682c3e231cba50
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 4 15:08:38 2007 -0400

    add missing libraries and adjust output to match
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7b3668fd7679613feee0a731eb8b975a941d04d1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 4 15:03:25 2007 -0400

     removed old cvs cruft
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b4db3454f0f44b0257c8c4dfb089b3c91edc267b
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Oct 4 06:23:09 2007 -0400

    Match output with ping summary

commit d5795dd810000b7d8e4a988819db8f7350d57f12
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Oct 4 06:22:45 2007 -0400

    Match output with ping summary

commit f6d3db55fb043530319a53e3b236f0ea48372175
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Oct 4 06:12:16 2007 -0400

    Update tests to reflect new names and IDs

commit 113e9063d8266ecee76fcbf3c056475c10f4f302
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Oct 4 06:10:51 2007 -0400

    Update tests to reflect new names and IDs

commit d24ee3c992f6ef7bd1811cc99fc039a975a2d13e
Merge: 02e06f5 bd1ff1f
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 3 23:00:15 2007 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#testing

commit 02e06f551afc48e8b06997fe4fef246e05a0f209
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 3 22:58:51 2007 -0400

    Fix up testcase ID's to new scheme. Fixed a bunch of wrong certs in conns.
    Copied uml.freeswan.org key to testing.xelerance.com key for bind.

commit bd1ff1ffdc8b9663b1f23fe410fff7e09f7a72db
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Wed Oct 3 22:15:57 2007 -0400

    Fix Makefile to work for make check, and others.  mcr thinks something
    might be broken higher up with srcdir=, but will investigate later

commit d63640a96633ddb52ea4a92f2114b435478ebdd8
Author: Ken Bantoft <ken at mbp.local>
Date:   Wed Oct 3 21:36:10 2007 -0400

    Use new cert filenames

commit 2005d85feb3c6ce618063be2014286aaf788e66e
Author: Ken Bantoft <ken at mbp.local>
Date:   Wed Oct 3 21:34:57 2007 -0400

    Use new cert filenames

commit d1ec235d2a28751ef70d03d44e6f50664c8b5210
Author: Ken Bantoft <ken at mbp.local>
Date:   Wed Oct 3 21:33:51 2007 -0400

    Use new cert filenames

commit 0500a7bf36b643d20a40a5a448145e0c93db6486
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 2 21:12:54 2007 -0400

    Fix descriptions that mention filenames and CN='s

commit 16aa4eae61eb51304ef17c3456d1bb516193ae85
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 2 21:05:35 2007 -0400

    Committing a set of generated test certs for Ken's test of the new cert
    generating system.

commit 2e6467daca13244d75e2a807b4260909569176a3
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 2 21:05:07 2007 -0400

    Fix testcases to use new on-the-fly certificates

commit b704170d02d006069afe81fa0db3477126f415f5
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 2 20:42:02 2007 -0400

    Fix copying the keys to baseconfig/all

commit 5413dafe73181a40fa5064ff661bed9e32dd025e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 2 17:49:48 2007 -0400

    additional refactoring of ipsec_doi.c to remove ikev1 code (necessary for ikev2 unit
    test cases.)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 79879f802df10e31a9ba43ae44fe54c7bdcb03e8
Merge: 2f14e96 428c0fb
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 2 02:12:21 2007 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#testing

commit 2f14e964812c5d6d5266ae74bcf23e267bff8484
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 2 02:11:59 2007 -0400

    Renamed script to dist_cert. It now creates all certs with proper date
    stamps, making them valid two days ago until the future (or until
    yesterday). It also installs all the generated files in the baseconfigs/all
    and the private keys in baseconfigs/XXX/, like CA/dist_cert did.

commit 028bc0b2a27d7146802acffd3961453883b98f5c
Merge: b10e14c 428c0fb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 1 20:03:40 2007 -0400

    Merge with /osw/v2.6.00

commit 428c0fbda1311633cef96f4f9ddd7af1f3d09364
Merge: 2c6746a bf1487d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 1 20:03:22 2007 -0400

    Merge branch 'testing' of git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/

commit 2c6746a69179d25f80dff7a3516433a3d4a28e3d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 1 20:02:20 2007 -0400

    enable test cases in lib/libpluto
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b71c77ffab3f547f5b4457400b8499a53a5425a9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 1 20:01:37 2007 -0400

    adjusted test cases to work --- lost seam_alg.c, recreated it as simpler code.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b10e14c4b7992d4d02a067d074225cf20fad4d89
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 1 20:02:20 2007 -0400

    enable test cases in lib/libpluto
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a76228a35c08bd0b94b4598f84911f0b6a724dde
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 1 20:02:10 2007 -0400

    move initialize_new_state() to ipsec_doi.c, since it adds dependencies to cookie.c
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9603715f7b14f628b90563c22324bb4a8899e434
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 1 20:01:37 2007 -0400

    adjusted test cases to work --- lost seam_alg.c, recreated it as simpler code.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3197f4ffd9e0bc933c82d406630d33049bac4fe5
Merge: d0f21da e01ba71
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Sep 29 17:42:02 2007 -0400

    Merge with /osw/v2.6.00

commit bf1487d298a80f278b1d8464600be7c6316e4159
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Sep 29 01:10:51 2007 -0400

    Added cert where cert CN == CA CN

commit 32b12a9298703a47cc3bfcc8fce649c01559ea60
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Sep 29 01:08:59 2007 -0400

    Fix RSA key sizes for non-bigkey clients.

commit b1c140f01a79d65854c459cedd7b80ada8c760ab
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Sep 29 01:07:18 2007 -0400

    Add revoked cert and CRL generating.

commit 80f3d84287a484b945996a863afab6e83eabd301
Merge: ef9d378 16e7a2a
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Sep 29 00:49:04 2007 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#testing

commit ef9d37825684988fb50aea20e4d0e344b194650a
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Sep 29 00:48:33 2007 -0400

    Start of the new X509 generating test certs code. Currently generates
    all the reqs, keys, certs, pkcs12 and ca's, including some special test
    cases (big rsa key, wrong dn, wrong ca, unwise characters, etc)

commit 16e7a2a28b0646d6d77b2a8c0aeeea1ec19dc762
Merge: 2157048 e01ba71
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Fri Sep 28 21:19:01 2007 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan#testing

commit 215704871ceac7f60034aee0e8f5d8ccea60b3cd
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Fri Sep 28 21:17:09 2007 -0400

    Clean this up a bit

commit d0f21da139e61711d5c4d1e9bb4431a01e21b9a5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Sep 28 20:44:08 2007 -0400

    added missing ikev2.h file.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2ce2b62b09afc951a243e3f41b3c4bd0b22e6ee9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 27 22:23:11 2007 -0400

    various bits of refactoring to introduce some ikev2 values and
    codes. basic-pluto-01 still works.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e82e1d64532a91bf309b2535e4402baf7cc22682
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 27 21:07:27 2007 -0400

    canonicalization of debug output

commit e01ba71094824305c0c419ddbf40823fabbd19b0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 27 21:06:23 2007 -0400

    canonicalization of debug output.

commit 1bb47fb6ae3ba4ef225addd1f9ed258e3b36798f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 27 21:06:23 2007 -0400

    canonicalization of debug output.

commit a5cd461fa44b930956d4507b012b5660f70713be
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 27 21:05:06 2007 -0400

    more canonicalization of debug output

commit 107c8a9a33b9d8a042400ed95f6988f9e26cb52e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 27 21:05:06 2007 -0400

    more canonicalization of debug output

commit 9127751181a03c2622cc415f3f4f1dad77f8d9b9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 27 21:03:53 2007 -0400

    more canonicalization of debug output.

commit 97962dfbca08cb41cee87146e3ff7a03d381321e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 27 21:03:53 2007 -0400

    more canonicalization of debug output.

commit 732e7e0fd92e3c271f7b26b16e1e09752b746859
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 27 21:02:31 2007 -0400

    changes to debugging of readwriteconf need to be sanitized properly.

commit 880576ec5785513218be996a915819abbf0129ab
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 27 21:02:31 2007 -0400

    changes to debugging of readwriteconf need to be sanitized properly.

commit 83add2b3532e6d1a9b2310d019874912b98293c6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 27 20:59:11 2007 -0400

    fixed comments about what files are being read

commit 64d761649e5796eb4b13b0d7be986d11002f3d27
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 27 20:59:11 2007 -0400

    fixed comments about what files are being read

commit db09c3947aef9464655d746a823add50f4457dd0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 27 20:56:50 2007 -0400

    phony test for MAST configuration parsing.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d1155c9e508eaefea7da0771956f0bb3637ecb38
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 27 20:54:13 2007 -0400

    use pluto-wait instead of eroute.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7cbef0d835e49002f64af8d3a58f2fe56c045d18
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 27 20:54:13 2007 -0400

    use pluto-wait instead of eroute.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5f424002b74fa3ae1394f5cd967232aa8191e852
Merge: 9fb0fd9 f426a26
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 27 20:26:27 2007 -0400

    Merge branch 'testing' of git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/

commit 9fb0fd9f758afb324504d11abb3d698c4bb2c162
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 27 20:19:51 2007 -0400

    adjusted test to remove extraneous kernel components.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7fd0776a706c5d4771ec8629183c19064dd63ef3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 27 20:26:10 2007 -0400

    merged part of fbd9e1375d3bb0dc368d8ed02ff16dab18a5af10
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f426a263d8e36f32d958e1a9cf3a823ea80ba1c3
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Sep 27 20:24:42 2007 -0400

    Add typedef for u8

commit e2bd93b655238dce49847b2b5b7e338713986e3c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 27 20:19:51 2007 -0400

    adjusted test to remove extraneous kernel components.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c128851379b084fc4eb6b425bd36d9c7ad393aad
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Sep 27 19:37:59 2007 -0400

    Not sure why this says bad, as it works fine

commit 0e7607a6562498e84f32ba906a4f6a2cb699db98
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Sep 27 19:09:43 2007 -0400

    Wait until pluto started...  not for eroutes

commit 3a7d6a428569a12d63d787e7c1272daea99761e9
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Sep 27 19:06:33 2007 -0400

    This is nat-aggr-01

commit 30ed07fdfa4b388388265bcb6fbee2c175060973
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Sep 27 18:31:31 2007 -0400

    Update to match newer outputs

commit ef3f3301959fb0dcdf47d8838e83e0e81f9fda27
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Sep 27 18:31:08 2007 -0400

    Update to match newer outputs

commit c76cebfaf45fe6bec0eae8a08337a829344780c6
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Sep 27 18:29:46 2007 -0400

    Update to match newer outputs

commit cc37cec70aab82090685a4a35fb55e3aa3446fe2
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Sep 27 18:29:21 2007 -0400

    Update to match newer outputs

commit ef302a01f675f6cfc2c0cc95138d07b97a225b41
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Sep 27 18:27:15 2007 -0400

    ipsec manual is deprecated

commit be389a8177b35c8c69f7f4a172f9a8a3370102e6
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Sep 27 18:26:18 2007 -0400

    Tunnels start at 0x1001 now, as a %pass no longer counts

commit 3154dfa6c9bf6c2b738ced40c6c0c1123d4b5943
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Sep 27 18:24:58 2007 -0400

    nexthop is gone, and thus removed from 'ip route list' output

commit e9258c2bde51f3d21e57c4433423c4c27347803f
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Sep 27 18:22:38 2007 -0400

    ipsec manual is deprecated

commit 84cbb36b5ad8800fbcd5a577793a161271b0f299
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Sep 27 18:09:43 2007 -0400

    Update to match output of new log messages, and we now have consistent
    ping success (see description.txt for history)

commit fb7eae01bcb98c1f177ed6b464cbcb5307eee0b1
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Sep 27 18:05:06 2007 -0400

    Adjust for negative confirmation

commit 83e4db697e4675747fe971c750de0bec0043cb88
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Sep 27 18:04:13 2007 -0400

    Add comments about how passing this test confirms the lack of
    cryptoAPI - it doesn't actually test cryptoAPI

commit 4feb69806cc269d6318acf613c9254a0bf14178a
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Sep 27 18:01:09 2007 -0400

    4167 for some reason now

commit daf172ae5d0b53d74fcdd694a6c29ce0157b23b9
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Sep 27 17:51:30 2007 -0400

    ikeping now summarizes results

commit 188bb066e1d5dbabff95d9e61ff59bd002a73741
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Sep 27 17:51:12 2007 -0400

    ikeping now summarizes results

commit 36eab89efdb4101761fbfb494aae71c0bf166ee3
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Sep 27 17:50:57 2007 -0400

    ikeping now summarizes results

commit 19805be534948942ee3046d7649b4bf3457a7906
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Sep 27 17:49:54 2007 -0400

    ikeping now summarizes results

commit a22d1354fd64b4d5075e068fcf7a5c7b8e756709
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Sep 27 17:49:25 2007 -0400

    ikeping now summarizes results

commit f90877557f886bc8c3c30f602b1101768c139d13
Author: Ken Bantoft <ken at mbp.local>
Date:   Thu Sep 27 17:12:02 2007 -0400

    Count skipped

commit 4563c576bcdd68614edb7853a1d4ef8feb5df0ea
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Sep 26 22:30:05 2007 -0400

    test case for attempting (and failing) with IKEv2.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b331f234eab75d711067f327bd5e973e44e991ca
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Sep 26 21:59:15 2007 -0400

    refactoring of code to separate ikev1 and ikev2 code.
    introduction of POLICY_IKE* bits.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2e99e38a1d78936fb00a89a1e73346be745125f6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Sep 26 17:38:56 2007 -0400

    process the ikev2= setting, as a four-state value.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit fbd9e1375d3bb0dc368d8ed02ff16dab18a5af10
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Sep 26 17:38:41 2007 -0400

    test case for ikev2= setting.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0b6b10d3f2207275f6ea67ab4fa01b9370ddd47a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Sep 26 17:37:37 2007 -0400

    some fixes for including files by glob which are not existing.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f3b65c796e9aca87e2c9df8cd868b4ad824b05ec
Author: Ken Bantoft <ken at mbp.local>
Date:   Wed Sep 26 14:11:31 2007 -0400

    We don't log sending of certs by default anymore

commit 2d698c2981cc8e11e4d36ff7fc42589535416b2b
Author: Ken Bantoft <ken at mbp.local>
Date:   Wed Sep 26 14:10:01 2007 -0400

    We don't log sending of certs by default anymore

commit f7b948133f5a3790853ca8d2938774a2040f7097
Author: Ken Bantoft <ken at mbp.local>
Date:   Wed Sep 26 14:03:52 2007 -0400

    We don't log sending of certs by default anymore

commit 118d488e8875f69a458322632ed09b725edac0e0
Author: Ken Bantoft <ken at mbp.local>
Date:   Wed Sep 26 13:48:09 2007 -0400

    If we only support AES, we should end up with AES.  Testcase output
    fixed

commit a5c079057741c6d69a901d292623272d1b083cb1
Author: Ken Bantoft <ken at mbp.local>
Date:   Wed Sep 26 13:47:17 2007 -0400

    If we only support AES, we should end up with AES.  Testcase output
    fixed

commit 42f788bb1d97b01367ac89eabdd1dc13b6385790
Merge: a43ec36 c332387
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Sep 19 20:44:29 2007 -0400

    Merge branch 'testing' of git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/

commit a43ec36516ee43993593ee4eaa3bf0fc979ee2c7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Sep 19 20:35:25 2007 -0400

    make the libtest a little bit more friendly.

commit 770ed4e2ec5a3bd42678d1368cdacc62db8bd9f8
Merge: 6460581 78c137c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Sep 19 08:08:30 2007 -0400

    Merge branch 'master' of git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/

commit c3323879f1dbe265fe92ef1775f88a1d51306495
Merge: 5fb912c 6460581
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Sep 19 08:03:19 2007 -0400

    resync with #testing
    Fixed up minor conflict in aggr-pluto-01.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5fb912c0a59f46946d82f711810b417148150bc5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Sep 17 22:01:34 2007 -0400

    whack msg test working, plus first refineconnection test case.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6460581dcd68d933f04f786c7721866cc53e72c2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Sep 16 21:45:49 2007 -0400

    document that this test fails due to refineconnection issues.

commit 7edc98da885925f6e890af80a1e85804c2cd044f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Sep 14 21:49:33 2007 -0400

    when including a file in ipsec.conf, if the inclusion has a glob,
    then if there is no file found, then don't error out.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b89e29e1a688fe76dc2f93575eaf2bd68476fdb3
Merge: 6f10c47 9b08cca
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Sep 11 21:35:00 2007 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#testing

commit 6f10c472ffe1e9b7deae48c29109de7fb2c5f379
Merge: 4e4756a 179faa8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Sep 11 21:34:33 2007 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#testing
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9b08cca401114c9f166f98be284d247259ee04e5
Author: Ken Bantoft <ken at mbp.local>
Date:   Sun Sep 9 11:27:18 2007 -0400

    Fix filelist to reflect reality

commit 4e4756a01298f57ddcf528337361c8845a6b5e9d
Merge: 5eb781c 95a064c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Sep 8 22:13:43 2007 -0400

    Merge with /osw/v2.5.xx

commit 95a064cb7c419d52ae31302f5c415bbb4197ac33
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Sep 8 22:13:14 2007 -0400

    showhostkey-01 revealed a core dump on --dump option.
    Fixed --- do not decode things which aren't preshared keys.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 48bb46b056050501085d9d2b6b20dc14cb0b03de
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Sep 8 22:12:46 2007 -0400

    showhostkey fix for core dump.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ddd56531015f3e068b40129f1705735c50950f34
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 6 10:14:58 2007 -0400

    when loading up default conns, indicate that they are set as such,
    and when loading up real conns, permit those values to override settings,
    but not otherwise to duplicate things in an also=
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a35422e5e01b5d0d9e32b73ca19f3a9061030338
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 6 10:13:53 2007 -0400

    test case for overriding settings found in default clauses, but
    doing so in an also= conn.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3b3b0f3d397286de8c73574a7794bcd72e81635f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 6 10:05:02 2007 -0400

    change set_options to be an enum rather than a bool.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7e906dd51ed2a3942f4fb3da6bc2ad60e734bb56
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 6 10:04:43 2007 -0400

    updated description and test results for -16, -17, and setup
    -18 to indicate issue with also=
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 39e46a5055f11485f15d1e4b99ed7bb4fe51d5f1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Sep 5 00:36:07 2007 -0400

    remove eroute-wait, since these tests do not assume OE is on anymore.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4a86809fa9f788400685743b75d8d4be0094b236
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Sep 5 00:35:46 2007 -0400

    benignly deal with the case where the SA was not completely setup,
    and we are tearing it down again because it failed.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 11381a3b3302e2ff43b08a1c554d28e1ffd4b988
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Sep 5 00:34:53 2007 -0400

    results summarization now splits up the results into smaller pages so that
    they are easier to see/navigate through, and reload when you are working.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 58ff223bd37a8ca32aac00610e238e2292ab4265
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Sep 5 00:34:19 2007 -0400

    fix up some scripts to run properly and sanitize the scripts better.
    disable tests which are actually for later versions of the code.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 76bea75d1ce5f0ec2f3a4a2cd19981f9c90eb7cd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Sep 5 00:33:40 2007 -0400

    now processes x-comment lines, remembers them and spits them out again.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 164a450a067e75da7e69e71e21c25e745e294fad
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Sep 5 00:32:52 2007 -0400

    test case for parsing/writing of x-comment lines.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d5a646878340f02c262fb68b148cf095e4f72c2f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Sep 2 23:02:34 2007 -0400

    reworked parser to properly support x-* comment options in input file.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit daa5fbb9de5a6deda2037dd16da407506b561757
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Aug 30 09:37:11 2007 -0400

    fixes for modtest-two-six-up-01 - compiling without KLIPS_DEBUG
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0f18509b7374cd30e7442a2435a1fb8ecce41817
Author: Openswan Release build at openswan.org <build at vault.xelerance.com>
Date:   Tue Aug 14 21:29:02 2007 -0400

      updated version

commit 179faa817fe707ed72a6bc3715d47d54d1eafd04
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 10 03:22:27 2007 -0400

    Patch for SMARTCARD code to avoid deadlock by Kurodo

commit 7f8f80fb1787545f78c92258b92b1a37606121a5
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 10 03:16:48 2007 -0400

    Fix the macro calls from previous logging fix.

commit 231389279edfeda4a7b75811ece8f5eb109f74df
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 10 02:36:27 2007 -0400

    Added HybridMode patch to contrib, with note why we don't support it.

commit 5c3524a0ad6c8e32ec62e2ec708c63fda7eda1f8
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 10 02:14:29 2007 -0400

    minor fixes to testcase. (for bug #548)

commit 7b5d37930b27fadca17cde986e6fd3cbab0d354f
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 10 02:11:39 2007 -0400

    updated changes.

commit 73c17ae72691f24edab56f780fcc806c38a33599
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 10 02:10:54 2007 -0400

    Some debugging information was not properly put within DBG macros (#544)

commit fb3c347815520d52456e42d46d2ae7e1349b88e6
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 10 01:59:07 2007 -0400

    updated changes

commit 15d829fa8b3ee1af520d9df162f97cc59ac613fa
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 10 01:57:48 2007 -0400

    Fix for #590

commit 90c0e2c9410074a2f809c8057d544975d20e8a1b
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 10 01:53:37 2007 -0400

    updated changes.

commit d31b1ec95c178126d914509b2648c304b91fbb96
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 10 01:52:19 2007 -0400

    Patch for initiating with protoport=6/%any by Ilia Sotnikov. A testcase
    has been added as well (protoport-02). This is bug #582

commit e77cb8b38a7e66e25dca89efa99ef6e907024adb
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 10 01:38:43 2007 -0400

    Added testcase for initiator having protoport=17/%any

commit 1dab7d2c9dd083b8d44836eb600c58fe00329851
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 10 01:31:59 2007 -0400

    updated changes.

commit fc8610b6f43a070d905831685959c45c1b040659
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 10 01:31:31 2007 -0400

    Fix for CryptoAPI on 2.4 kernels by espakman. This is bug #580

commit 649d78925481e25269cc9bb29418880c508215c6
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 10 01:15:30 2007 -0400

    Fix for ipsec auto --status crasher on uclibc when no connections are
    active. This is bug #627. See also:
    http://article.gmane.org/gmane.network.freeswan.user/7627
    (patch looks weird due to layout, but is basically wrapping things in
    an "if (count != 0)")

commit 78ae1c6e238013437963e06c65952f0199da035d
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 10 00:58:19 2007 -0400

    Added protoport-01 to the list

commit 0687249214c887788c523f01321eb6305cd8703c
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 10 00:57:17 2007 -0400

    Added testcase for prototype=%any

commit 728d6976544ced5b19d605910a8e56c3413ccde9
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 10 00:43:24 2007 -0400

    Added testcase for bug #496 (protostack=netkey with esp=aes256-sha2_256-4096)
    crasher.

commit 27e4a8593139f871c4f3caed5b647580d8f1270b
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 10 00:34:19 2007 -0400

    Fix man page to read "ipsec whack --name conn --delete" instead of
    "ipsec whack --delete --name conn". This is bug #630.

commit b2061df1c8bd89600e900faa3b5f865e36580848
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 10 00:31:01 2007 -0400

    Found a flipped syntax for whack --delete in livetest while looking for
    a man page fix.

commit 464c426d2dd3c3cfe2d6a1a5aeeb4ba80aa5a8fd
Author: Paul Wouters <paul at xelerance.com>
Date:   Fri Aug 10 00:00:05 2007 -0400

    Fixed last -Werror -Wshadow issues.

commit ba52f271f5f24715d0fa9202f5c950e3436cf9de
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 23:53:55 2007 -0400

    Properly cast now.

commit 3be8f2fbc6a7147de6a32eb78325b745b4ae0c3d
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 23:51:35 2007 -0400

    Revert "Another new -Werror occurrence"
    
    This reverts commit dab403fd30cff5e408c2c5bc408e1060dc018e97.

commit dab403fd30cff5e408c2c5bc408e1060dc018e97
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 23:48:35 2007 -0400

    Another new -Werror occurrence

commit c9ec93a1a2ee5b46efd526ebbab3daca2dedae03
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 23:42:19 2007 -0400

    Added casts to (unsigned int) to make -Werror -Wshadow happy.

commit a7648033d8f4e0b8f8c72c9977f0f48c544d2335
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 23:39:34 2007 -0400

    more -Werror -Wshadow fixes that were recently introduced

commit 6493baf29fc09c894ea91936d37d5b40074a761d
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 23:28:50 2007 -0400

    Last -Wshadow fixes. (note it fixes two shadow fixes from previous commit)

commit 1ef324a43f010ecdeb3ed0dcbf6e73df735f1cdf
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 23:14:17 2007 -0400

    time_t now was not used.

commit 87317fbc73b3a674bd043904b5a6dba6732076d5
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 23:14:02 2007 -0400

    -Wshadow fix.

commit ea492edf1d04ad01dd938014b235fb4b1bb000d0
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 22:45:57 2007 -0400

    More -Wshadow fixes.

commit e84ac98c32f4946b11d0a8a6c6b1ebc43b66e065
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 22:33:02 2007 -0400

    -Wshadow fix.

commit b2a41df556c35c2056e0f2be0445ef1161f581c4
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 22:31:39 2007 -0400

    -Wshadow fix.

commit 7fc41212345abcc30d8924be59d638b62627abe0
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 22:30:14 2007 -0400

    -Wshadow fix.

commit 3f56d380f88a5eb19ac9486be960f10e1d3cdcd1
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 22:28:20 2007 -0400

    Fix two more -Wshadow errors.

commit 26c39a359cbabb9a267e5edd5ee6af2c08db620d
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 22:25:29 2007 -0400

    Fix for -Wshadow error:
    .../openswan-2/lib/libopenswan/diag.c:55: warning: declaration of
    `diag_space' shadows a global declaration
    .../openswan-2/lib/libopenswan/diag.c:35: warning: shadowed declaration is
    here

commit 5e94941d211e70c3fd4462e6daea57321264cafa
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 22:22:09 2007 -0400

    Fix for compiling with -Wshadow causing errors like:
    .../openswan-2/include/alg_info.h:137: warning: declaration of `strlen'
    shadows a global declaration

commit 05f21656f41b40f4b5bb50e6712b90193b209535
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 22:09:19 2007 -0400

    Fix for stripping out spaces from xauth usernames and passwords.
    Patch by Dustin Lang <dstn at cs.toronto.edu>

commit ce2b3752f691fc763cc2f7d06cee00924aea5fc4
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 22:08:46 2007 -0400

    updated changes.

commit 4c156485d702131391aeaacc190a58b33538cd15
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 21:50:50 2007 -0400

    sock_unregister fix for 2.6.19+ by Sergeil (bug #708)

commit cba5ec5e6276b4777c104905a503bcc1331611a3
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 21:32:52 2007 -0400

    Added test for leftsendcert=never

commit e98bc760be0d842433059ab2b8f24f2d8074a9d1
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 21:32:26 2007 -0400

    Added test for leftsendcert=never

commit 28b81c977f7e0d9db22bc071e0b8e6dde5a055f5
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 21:26:27 2007 -0400

    Updated testlist for new testcase 18. Also added a few missing tests.

commit 8bb939763cea6e486ef2d6ad14aa05599074491e
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 21:26:04 2007 -0400

    Added test to see if we properly fail on old style "strict mode" syntax.

commit f440cf9c2189468e7a6138f22cc8f3336ca0414f
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 21:25:42 2007 -0400

    Added test for esp=3des_cbc

commit 52a8f4872d196b7fdf30eb563be0c46afec07cdf
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 21:15:52 2007 -0400

    testcase for 3des_cbc and aes_cbc parameters. This attempts to connect
    esp=3des,aes with esp=aes_cbc,3des_cbc. The test is marked to "pass",
    not fail. (is that right?)

commit b539e1b34bc7b025b918b4434c339bba5af55a48
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 9 21:09:48 2007 -0400

    removed bogus line in desc.

commit cdcd39c1300cbb011f877f00747e42036a338abb
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Aug 8 01:40:51 2007 -0400

    Added testcase for proper failure of tunnel-transport mode connection
    attempt. Added transport-01 and transport-02 to TESTLIST as well.

commit 42a6b4fa5c4c78e8e0f6bd67995733076b5bcd23
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 2 17:50:35 2007 -0400

    Added testcase for reported bug #789

commit 65fcba89dba581163e9794cd8accad856076258e
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 2 17:40:00 2007 -0400

    Add a non-existing include with wildcard that should not terminate the
    parser. This is a testcase for bug #806.

commit 8d24a341a505ead9a6adbc60575f6f066e700533
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Aug 2 17:28:11 2007 -0400

    CTL_TABLE_PARENT patch for 2.6.21+ by sergeil

commit 5eb781c8711c85381457194250004437c3fe4ad7
Merge: adffe7b 10f595d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jul 28 16:38:17 2007 -0400

    Merge with /osw/v2.5.xx

commit 10f595d6173f1f9577c5ac7c4beb8ad5750d3240
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jul 26 14:40:06 2007 -0500

    test case for mrcharlie's config files.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1623216e9155734c3973fe0f7d66745a4c900106
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jul 26 13:34:08 2007 -0600

    added CROSSFLAGS to places that were missing it.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8789e50399c1a695d93681152ad397801e0a3b80
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jul 26 03:06:17 2007 -0500

    protect ourselves against cases where the peer's address family has not
    been initialized yet, but we still try to use it. We assume IPv4 for now.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8714717a5b11f7b7d3d5c2d5f8c4584a3734fa86
Merge: 0b3b168 5bb5b5d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jul 26 02:36:31 2007 -0500

    Merge with git+ssh://build@vault.xelerance.com//xelerance/home/build/openswan2-releasedir/openswan.stable.git

commit 0b3b168b1405de7a294870e189522533bffa4636
Merge: e1e66df 2025caf
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jul 26 02:33:13 2007 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#stable

commit e1e66df3700f2f5d88354abbcf9de36ce525c8cb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jul 26 02:32:58 2007 -0500

    added missing files from openssl rework.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2025caf0099d837561acb0991f637ff98c341995
Author: Michael Richardson <mcr at gimli.(none)>
Date:   Thu Jul 26 03:31:16 2007 -0400

    fixed various bits of XML documentation to format properly.
    
    Signed-off-by: Michael Richardson <mcr at gimli.(none)>

commit e4556ae307b7345c8b05f075c39d79113edf3b6a
Merge: d3f743b a1fda2d
Author: Michael Richardson <mcr at gimli.(none)>
Date:   Thu Jul 26 03:25:12 2007 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#stable

commit a1fda2d5d379e7ad88aa3e964894711ae0adede6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jul 26 02:14:41 2007 -0500

    documented nat-pluto-07 test and changes.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ce18067bd30a0e7a9a3b70c078a700760afc99b7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jul 26 02:12:37 2007 -0500

    working test for nat traversal with IP address change during
    negotiation.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e039fb5a6d5a686af2416d889c9e5f2d8e56a3e1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jul 26 01:05:13 2007 -0500

    revisions to NAT-T processing to deal with IP address changes
    (as detected by pluto) and implement them properly.
    Test case nat-pluto-07 attempts to test this, but does not perform
    the proper NAT functions.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c2c99d307434c521e4ccd01e92fe0db9ad2c6f7a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jul 26 01:03:06 2007 -0500

    test case for nat-traversal with IP address changes mid-way.
    However, NIC machine does not NAT the data to a new IP properly.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 23e694728f6a71dd7a031d32de0339d0ac156496
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jul 25 14:31:02 2007 -0500

    test case for nat-traversal when port 500 and port 4500 get mapped to
    different IP addresses.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a6683a56e2fe9202b2f4e32100f5c2f10c9fa67d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jul 25 14:17:58 2007 -0500

    change HAVE_OCF_AND_OPENSSL to HAVE_OCF, and remove all dependencies on
    openssl headers. The cryptodev interface does not use this. Some calls to
    cryptodev have been removed, and will reappear in openswan 3.xx
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 651e334b603c474b73bf4b73ead77944f5281d5a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jul 25 14:16:01 2007 -0500

    added nat-traversal keywords for debug.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 216597d75ef61955befb556ef484649707e1cf3e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jul 25 14:14:49 2007 -0500

    fixed up test case for nat-traversal when initiating from different IPs
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 76015f933e51c8406a2a96d46237c22f66274fea
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jul 24 14:20:37 2007 -0500

    updated 2.5.14 changes notes.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 18e023b849c95042d49b9cc090f9cd718775ceb1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jul 24 14:16:44 2007 -0500

    change ipsec_breakroute() to not return an error when there is
    no eroute to delete.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 63f2971aee73e52fe20b6f88aeb023b3be673201
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jul 24 14:16:12 2007 -0500

    test case (working) for ipsec eroute --replace.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0c6e3eee05fc9762d44e6bdc0dcc7cd6ac8d5229
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jul 23 23:34:23 2007 -0500

    implement --replace option to actually set the REPLACEFLOW flag properly.
    provided for test case east-replace-01.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 52b60a3d7539a80ba039850f41bbbfc070849b07
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jul 23 09:58:13 2007 -0500

    test case for adding new flows with the replace flag set.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5bb5b5db05b79bd5190da155ed195409459898d4
Author: Openswan Release build at openswan.org <build at vault.xelerance.com>
Date:   Thu Jul 19 20:08:48 2007 -0400

      updated version

commit 9c5e47aa7205d92d693686e129faaad0a859476d
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jul 10 10:09:08 2007 -0400

    Fix for 2.4 version of fix for silly ISP's giving bad P-t-P links, eg
    when using PPPOE/PPTP. This is bug #812

commit 8d425488d46f0c280a52912657aa3d2e78fda019
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Wed Jul 4 11:12:20 2007 -0400

    Update to reflect output changes, and no more DH Group 1 (768) by default

commit 3fb008b7dc818a2fc6fb0889d50d83f9218ded5d
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Wed Jul 4 11:10:58 2007 -0400

    nexthop is back

commit 7ce070741c32cf17ae4c4a36eb9a6a008d24bb17
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Wed Jul 4 11:10:44 2007 -0400

    nexthop is back

commit cdf7bc5fd6a185327ac0e39be5afc5482ccafa7e
Merge: d58a958 4bfeb17
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Wed Jul 4 11:09:34 2007 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git#stable

commit d58a95832061da7d2e85152b85f10ae98f2e01de
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Wed Jul 4 11:06:32 2007 -0400

    nexthop is back

commit 14a831dd4959a44a02f33e08ce528905260951ac
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jul 3 21:25:09 2007 -0400

    refactored libtest into multilibtest, that can run multiple input
    values through a single program.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9d586c3da28b30aa4e0f55f041dd1eed04e85a35
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jul 3 21:24:26 2007 -0400

    new unit test cases using refineconnection.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3d6655d9c2e5bf5e0f410a17639fb36b37b0c9d1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jul 2 22:40:06 2007 -0400

    first test case that works with refineconnection.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 47b316debcb215dfe544b7378072302aa3a10a4b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jul 2 22:39:07 2007 -0400

    set $ECHO to a default for running the test case
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c27337c6810cc6c7ea82e79073d9fc9b77e705cb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jul 2 22:38:51 2007 -0400

    need to orient connections in initiate seam code.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 13781e0643f410ca88d63f8940bfc527ef7a28c2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jul 2 22:38:17 2007 -0400

    never change size of connection structure based upon options (screws up unit
    testing too much)
    Added spd.left to identify which end the end was when it was first loaded
    (before being oriented)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8fb37d83b1c15bfddaae26fc062fbeff897e5cc8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jul 2 22:37:21 2007 -0400

    remove unused variable (whackmsg test debugging)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4bfeb1735fb1642bdbe304d10bf9b21f2f6f3b20
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jul 2 20:51:33 2007 -0400

    updated with proper value-based defaults.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e735ce38a5fe091a87e5adbcc0126108832424ba
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jul 2 20:39:54 2007 -0400

    pick up =VALUE types properly from new configuration when canonicalizing.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 29de4348735204daf5c5bd68cbf0f1e9007ab548
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jul 2 08:55:25 2007 -0400

    test case for refine_host_connection (not passing yet)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ccd761d097f629ae0f4f9fdebe3eb0edc1a86c8a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Jul 1 12:49:27 2007 -0400

    removed errant exit(0) at end of utility function
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d72431828a41d4cca666f737c07db4fde50e4958
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Jul 1 12:30:50 2007 -0400

    split compilation of unit tests out from library test so that it can be
    used for doing -MM compilations for calculation of dependencies
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 294d88c3da763269155fd5317f42e29c5b643e48
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Jul 1 12:29:43 2007 -0400

    added log_seam.c include

commit db46f0851282b41565608473bcf4620445c31c79
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Jul 1 10:05:35 2007 -0400

    refactored whackmsgtestlib.c into multiple seam files and use them
    to compile refine_host_connection() test case.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0ddbd69b5e5d552c462aec0febd8b3c85988c91f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jun 30 22:27:38 2007 -0400

    refactored whackmsgtestlib.c to be used by refineconnection.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5898058d4cdce10e869973530bb22af85504a4f5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jun 30 22:02:04 2007 -0400

    refactored support routines and link seams for whackmsg test suites.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f9ac43f5f55a7d45a777a6d61b48041c620eba46
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jun 30 21:18:59 2007 -0400

    test case output.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 192fd4b192931a2bba4d0a7436b7dff92605f752
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jun 30 21:14:48 2007 -0400

    first whackmsgtest skeleton.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4a10ea028366c393aa4f216ed4a2449e36bc88ce
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jun 30 18:16:32 2007 -0400

    removed cvs log lines.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 21f57b93394e74bbc390cb2a36016a7094ca39b4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jun 30 16:10:30 2007 -0400

    permit tests to override arguments to unit tests.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c75442d5586a74b8a210aa35e210d55f8e9d07b0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jun 30 15:52:54 2007 -0400

    adjust various test cases to not depend on OE being on.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit adffe7bc076f5e07d9255c11a39590c959b9ff6b
Merge: b26ba34 9025ef5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jun 30 15:48:18 2007 -0400

    Merge with /osw/v2.5.xx

commit 9025ef5fd790ee39a466055fab37e739ddc4a2c6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jun 30 14:42:20 2007 -0400

    updated canonicalized kernel configuration + utilities.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b26ba3487042e8bb2004eef8360bca04dbbf8bf6
Merge: 8c22f40 bb3e7e7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jun 30 13:48:54 2007 -0400

    Merge with /osw/whackmsgtest_1

commit bb3e7e7b95a1aa8350326a4cebae036dd6e58f38
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jun 30 13:48:43 2007 -0400

      added more support files for pluto

commit 8c22f40eac9021d2bd5e620585004a55b69a1278
Merge: f17d272 9a283f9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jun 30 13:47:10 2007 -0400

    Merge with /osw/whackmsgtest_1

commit f17d27240c5c2fa46646e73b492ca1def784b1e3
Merge: f4fa308 cc80052
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jun 30 13:46:53 2007 -0400

    Merge with /osw/whackmsgtest_1

commit 9a283f97f90554e63f01c828436bfb5acaa13107
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jun 30 13:46:21 2007 -0400

    added missing Makefile

commit f4fa308084c6a42465edfa02bc7d59b2e0b6a456
Merge: 298e404 35c0f59
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jun 30 12:54:36 2007 -0400

    Merge with /osw/v2.5.xx

commit d71eba4f40c1a3ccd4a7f5f533abe364195f4580
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Sat Jun 30 11:14:43 2007 -0400

    Add nat-aggr-01 test to the list

commit c201c207827bcd0e3464f2cd04c1e5dbdbbceb99
Merge: 5c2f000 35c0f59
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Sat Jun 30 11:12:28 2007 -0400

    merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git#stable

commit 5c2f000b7b894a41333dc05b0efbc472d3222400
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Sat Jun 30 11:10:48 2007 -0400

    System halted.

commit 3a5bd0d439d1aa37709abe69a668e4de6ed23f21
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Sat Jun 30 11:10:33 2007 -0400

    Update to match new logging messages

commit 35cca7f181703eba5504f10e7877740fb31a9468
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Sat Jun 30 11:09:54 2007 -0400

    OE is not enabled on this test

commit ecb83c407a7dbc5ac7319ff532ae2df348fc8480
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Sat Jun 30 11:08:59 2007 -0400

    Remove nexthop in output

commit 35c0f59d22ceb41b55669fdfd1f0fe0a45d5d23e
Merge: b173cb9 6903665
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jun 28 08:15:54 2007 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#stable

commit b173cb971ba81de534c0ead5f0bec6a673ebe1a0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jun 28 08:14:02 2007 -0400

      created also by Ken

commit 3de6d5a26a5a792ff1319b266be5cc9f53870818
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jun 28 08:10:56 2007 -0400

    new test case for NAT-T + aggressive mode.

commit 82cea8559e026720d4e3644d15932132aca05238
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jun 27 22:13:26 2007 -0400

    update plain config to include new defines for NAT/iptables.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 82ec90ee1354ca660df9f3d11865264deb9f29d4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jun 27 22:11:43 2007 -0400

    new canonicalization script.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4163f17c6f39073fb9ec1dacea94820876823c74
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jun 27 22:11:31 2007 -0400

    updated kernel config file with new script, baseline version.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 236140575f3062ab18e7f6d035023687694f1e36
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Wed Jun 27 21:32:13 2007 -0400

    Match shutdown procedure

commit 69036654f07138ea0a1f9de8dee0239ba2962797
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Wed Jun 27 21:27:33 2007 -0400

    Adjust output to reflect nexthop

commit d364841162c98ecae37e5d5fffeecd761b37eacb
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Wed Jun 27 21:24:24 2007 -0400

    Update to match output from restart scripts - some default values have
    changed.

commit 9a088bb7abaf1a696f6b36798a9a983d450d8cca
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Wed Jun 27 21:22:18 2007 -0400

    Fix output to match tcpdump

commit 55135c13f5557e0fe9524a459b5414975175cb54
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Wed Jun 27 21:20:06 2007 -0400

    Nuke local tree references

commit 2154b5b7eafaf834a8682b6e65e61407a16eb182
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Wed Jun 27 21:16:20 2007 -0400

    Wipe out reference to local tree

commit 1ba3ddda0bd9f815b2da43addbda5aa4dfc2d4e4
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Wed Jun 27 21:04:10 2007 -0400

    NAT + Aggr mode testcase

commit 755b8ddebdddc1ca340b057bc44f795e6d32e306
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 15:55:28 2007 -0400

    Match new tcpdump output

commit cc2e95dfa8881b994315edcc55b50b0a18ca18c6
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 15:54:26 2007 -0400

    Match new tcpdump output

commit e179c711506a8d16f496bad06676e3387936c366
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 15:54:12 2007 -0400

    Match new tcpdump output

commit c6bf9aed67045368a281c5f58422af7c9e203509
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 15:53:57 2007 -0400

    Match new tcpdump output

commit 2fd54a3e2233a3f5289dd5aa286358b734195e2e
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 15:53:39 2007 -0400

    Match new tcpdump output

commit c78f7eeb94b6cf07b18a7375fcfbe2ac250a295c
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 14:45:16 2007 -0400

    Update to match output for new connection displays

commit e61d9ed27bf5577acac8cc5ea37f4caf5c8605a3
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 14:44:40 2007 -0400

    Update to match output for new connection displays

commit b51aedbfcaafca90cc8c17b0c74153322534ebaf
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 14:43:52 2007 -0400

    Update to match output for new connection displays

commit 38fa37f4993bc1d4ce07cd7c96bdf16ab572abc5
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 14:43:38 2007 -0400

    Update to match output for new connection displays

commit 78761fb53873d402f977bfa11ed497f7bcfd78b2
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 09:45:49 2007 -0400

    Update with NAT, syslog-ng support.  Remove updowns

commit 7784a90358e5fab46d08949aee7980beda482b7f
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 09:49:01 2007 -0400

    Adjust output, as nexthop is back

commit f0371e84646eae87f9510de51f9dba1184da3942
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 09:49:19 2007 -0400

    Adjust output, as nexthop is back

commit a97c769ab895c7dbfa08def1f4c5ce94699700a6
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 09:54:05 2007 -0400

    Match new tcpdump output

commit 031054515751a5b6be2a3e5e1816ee1a3dbe598b
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 09:58:03 2007 -0400

    Adjust output to match additional NAT information, and refcounts

commit 9292f6734d25b0be6b2b02e504d7e1030b956aae
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 09:58:51 2007 -0400

    Match new tcpdump output

commit b640784a48ffd9874947ae0d30793899615b321d
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 09:59:24 2007 -0400

    System halted

commit 0ca7670ee40c6fbfa9d0b2a8ab74ef79a2f232bf
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 09:59:48 2007 -0400

    Match new tcpdump output

commit 46da6617d71da1dbea05a5bc0c193db4a5f2dc0a
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 10:33:57 2007 -0400

    Add log message about keys, and System Halted

commit 1e7b1aff6ae15cdd1838dd26fb9e402044ce1be4
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 10:37:58 2007 -0400

    Nexthop is back

commit 3753ef4850a272e8b493b7545fd6e648c68a4e8c
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 10:41:20 2007 -0400

    Match new tcpdump output

commit 6b689fe2b8c0db9accab6688dec9f77af4bd3cac
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 10:41:49 2007 -0400

    Match new tcpdump output

commit a8e38cb3fb5de32894ad4e30f1c811b07ad8961d
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 13:36:10 2007 -0400

    Match loading private key, and new shutdown

commit 5f53c4ab67b1a308660df6fa14a942bab3dc8c43
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 13:35:45 2007 -0400

    Match loading private key, and new shutdown

commit 24cabb569838e6bfd209d984f2d32a3fc06b008d
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 13:34:40 2007 -0400

    Update with nexthop

commit 78c137cd575b5146a0be38631e187f317258e655
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 10:41:49 2007 -0400

    Match new tcpdump output

commit 47f82387c41adf593d75abeb084e3720857fcb85
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 10:41:20 2007 -0400

    Match new tcpdump output

commit af13f22917e837613fd45c05f0a9b8b9ea5a9a32
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 10:37:58 2007 -0400

    Nexthop is back

commit 97264d8687860e3fc0a0c43fe8256f7b64ac1cc0
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 10:33:57 2007 -0400

    Add log message about keys, and System Halted

commit c43a59c4f2d741ff55780e42d1246b5b7b25f82c
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 09:59:48 2007 -0400

    Match new tcpdump output

commit f5df3e782eabaa9816e304550fc990cf892badd0
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 09:59:24 2007 -0400

    System halted

commit ac8ee276fb867227e413fb9244af4a92a1536147
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 09:58:51 2007 -0400

    Match new tcpdump output

commit 3e960326ab38435c58d9022f3e615937eaf804e6
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 09:58:03 2007 -0400

    Adjust output to match additional NAT information, and refcounts

commit 15587211a934b9c2952f963da331ba883c230ceb
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 09:54:05 2007 -0400

    Match new tcpdump output

commit 9d2a1fe7cf5c477123e438946cecd8878178ad91
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 09:52:23 2007 -0400

    System halted

commit 54e805cd5edd9c0814d5e2198e36e69f07b66f0e
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 09:52:07 2007 -0400

    Add output for loading of private keys

commit 5ac988a76f3884be216dcc87ea121d4e72268f51
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 09:51:40 2007 -0400

    System halted

commit ae5eddac533804189ba16a74eae859bc5b975f70
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 09:51:01 2007 -0400

    Add output for loading of private keys

commit 697304d64a48155f7734fb07d56cb044c33bd833
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 09:49:19 2007 -0400

    Adjust output, as nexthop is back

commit dcbdf84c045cdbfbbade539596f07dcc150b1ef2
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 09:49:01 2007 -0400

    Adjust output, as nexthop is back

commit 50c71ee8b23df4b46326fa2347dd530860bff3c2
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 09:48:23 2007 -0400

    Adjust output, as nexthop is back

commit eb2734450b354d040e7b3fe101d06ef59657ce94
Author: Ken Bantoft <ken at cyclops.xelerance.com>
Date:   Tue Jun 26 09:45:49 2007 -0400

    Update with NAT, syslog-ng support.  Remove updowns

commit 326e1076e328d27842fe5df9d517443944497919
Author: Michael Richardson mcr at xelerance.com <build at cyclops.xelerance.com>
Date:   Fri Jun 22 12:18:06 2007 -0400

      updated kernel configuration with iptables turned on again
    
    Signed-off-by: Michael Richardson mcr at xelerance.com <build at cyclops.xelerance.com>

commit b9c3262a8c717e90445e9b8c35923fe4d8e0a59d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed May 30 10:51:33 2007 -0400

    added keywords for "auto=up"

commit cc8005237d6a911c250e2fcd49d6c5e4cf89629d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu May 24 22:23:51 2007 -0400

    first unit test skeleton for testing connection.c
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2ae2d722aafd2a5a405bb0973c3e7efcb46cb0d1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu May 24 21:49:55 2007 -0400

    refactored connections.c into three files:
    	connections.c - management and searching of policy.
    	initiate.c    - code to initiate new connections (turn connections->state)
    	hostpair.c    - management of connections between common pairs.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 34412e8709ba1289c3343a24f375a4e633e249dc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu May 24 21:48:44 2007 -0400

    moved ac.h as part of refactoring.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2eded521c0f4825f3fd829c4988003da94172686
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu May 24 21:48:13 2007 -0400

    updated dependencies
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9fd1c35ee72ea6620e85cc8005f59f5ddc0881ea
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu May 24 21:47:43 2007 -0400

    missing header changes for refactoring.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b7e299fc3af1d3a82aee18ef22bda46ac7727604
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu May 24 21:47:04 2007 -0400

    finished refactoring of x509.c -> x509chain.c that was started some time ago.
    Goal is to move all chain management (CRLs, certificates, CAs, etc) to
    library so that they can be used in unit tests.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5cc303db0f623bcd96fdd1c0e62108e70812b1bb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu May 24 21:42:12 2007 -0400

    added libpluto.

commit 208774b1d3630955179e66ff06d59acc5d1deff6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu May 24 21:33:02 2007 -0400

    move pluto_constants to new libpluto, and link it in
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0ddadf955ee592bca51ae2d2f06e03a048f7145d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu May 24 21:30:21 2007 -0400

    refact whack_handle() to expose new subroutine whack_process(),
    which only decodes a buffer, but doesn't read it from a file descriptor,
    or call accept().
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6b602c17e509c92b5b9792e3a7d3d3b495e47ec7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu May 24 21:29:23 2007 -0400

    move ip_str() -> pluto_ip_str(), and move it to id.c in the library.
    Not the perfect place for it, but it gets used a lot in code, and therefore
    in unit testing.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d2ae92e72f31e050b464d9a243cae0f3b87032eb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu May 24 21:27:59 2007 -0400

    protect against multiple inclusions
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 75d5cc23023b5fd9007955fa08235e3ae0bd71d6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun May 20 14:55:44 2007 -0400

    split connections.c into connections.c and hostpair.c
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit fb57bbd4e7eae53c19650604ca924c3dbb1ad6f6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri May 18 20:52:55 2007 -0400

    added new ipsec whack --whackrecord to create files that can be used for unit testing.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b81b56a98c9a388cfe27ffc8726f3d4bf3ef4da6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri May 18 20:47:54 2007 -0400

    reformat of XML code by "xxe"
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0c2c1b5af002afac8720193368522ba4293a7fd8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri May 18 20:44:03 2007 -0400

    test case for ipsec whack --whackrecord <file>
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d306ea1b84568cec8a0dab7999dd47fbb4a07873
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri May 18 17:08:26 2007 -0400

        updated test case output
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a4ab6eb2e259a56f49700401e778d00be7fb7669
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon May 14 17:28:34 2007 -0400

    fix for mantis#790
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a59ea7b1211415432101af49af4832bcf3c18c8e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun May 13 21:02:37 2007 -0400

    added sendcert= keyword.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6d5e76b2ce7f0749b62c890d1886648fc2f04537
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun May 13 20:59:02 2007 -0400

      test case for parsing rightsendcert=
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 62cc810e2e7fc0180df1b88cbbb8c562e2826942
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri May 11 18:04:43 2007 -0400

    new nat-t patch, and test case showing it works with KLIPS.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 37134dff2574607345716fb4fc3d9bb5c253806d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri May 11 11:22:59 2007 -0400

    output of test case for nat-t code.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3369ede7f7d28b5a07610b3ff9faad3cf5f6787b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri May 11 10:40:45 2007 -0400

    added target to update nat-t patch.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit bd2311aa7ff6f9f4bb5c0f29f7b67c91e2fcac8a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri May 11 10:36:47 2007 -0400

    added man pages for _startnetkey
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit dbe6381930d853c9321374faef1322e1079e8c70
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue May 8 11:02:07 2007 -0400

    Basically, we go figure out the default route, put it in
    /var/run/pluto/ipsec.info (aka, $info) just like _startklips does.  We also
    load the netkey modules, and hw_random and padlock.  This is dupe'd from
    _startklips, so should be consolidated in the future perhaps -
    but then none of those modules are relevant on *BSD, so technically we'd
    need a startlinux or something.  For now, I don't mind having it twice,
    since the modules would remain Linux-specific, and _startkame or something
    would do other things BSD specific in that world.
    
    Signed-off-by: Ken Bantoft <ken at xelerance.com>
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4c03795658c423acc43d4cd9d934456aa81d7128
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon May 7 08:12:21 2007 -0400

    move DNS lookups into pluto (still synchronous and one-shot!)
    test case is dns-pluto-01, and relates to mantis#0000778
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1aa41c49c6c23a65985ae6c582366c84c6d49fb6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon May 7 08:08:15 2007 -0400

    test case for mantis#0000778
    ipsec setup stop can stall.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2dc7294744cca889526b783f9ac8fe6bae86437a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon May 7 01:03:20 2007 -0400

    do not require that DNS names resolve for 'ipsec setup start' and 'ipsec setup stop'
    usage.  Added fields to permit pluto to resolve addresses itself.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 728b8e89d5b4a639fbde306c1c192e5f57f03a52
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun May 6 23:59:33 2007 -0400

    added ttoaddr_num() which only processes numeric addresses.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit fce71257b3739b61bc58c9afe794955616f4df75
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun May 6 21:20:59 2007 -0400

    added test cases for ttoaddr.c
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8adb9dc29491de770adc0ff36268d91d3d8ef757
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 30 10:38:31 2007 -0400

    added 2.5.12 note.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9c1c6d45590d04da631a12c671e652cadc7e454d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 30 10:34:23 2007 -0400

    updated with recent notes.

commit 977c298d870355c1ba7dbd4da3e8f1cf58ac0cf0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 30 10:34:14 2007 -0400

    respect rightsourceip=

commit fbc46d6c5297eb4d549f44246078e26460befe51
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 30 10:32:01 2007 -0400

    test case for rightsourceip=
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3736ef15dd1e45ed6a822ae6c7d919502f2ade92
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 30 10:25:12 2007 -0400

    process config files with "version 2" (an integer) as well as with "2.0"

commit 74753f3e303aea830099682efcc8acad849eac57
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 30 10:24:50 2007 -0400

    norekey is not stock output, inverted rekey= is.

commit 489a94bb12f7bffc5e618cc89d3f2d9956eaa761
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 30 10:24:34 2007 -0400

    output sourceip=

commit d4921785f7024626c476fe4d09481155b4336f51
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 30 10:23:56 2007 -0400

    adjustments to deal with nexthop processing.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7eaa4e4516f07660ece093fd6486db92483bd03e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 30 10:23:41 2007 -0400

    test case for rightsourceip= parsing.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d7520ec171b6b469a84a9573a5f405b363a652c1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 30 09:21:14 2007 -0400

      test case for parsing rightsourceip=
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ad9bfabcff05f3abc25ad0b532d34ecc8b9e7392
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 30 01:13:06 2007 -0400

    use ipsec eroute rather than ipsec manual (which is broken)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e6313582d97228046b91dde94ba921b5d6f07a1e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 30 01:12:44 2007 -0400

    do not load any conn during init.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 30d1447da7cab4ed0be81bb0d11fb579f67341ab
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 30 01:11:32 2007 -0400

    set nexthop and failureshunt properly for me-to-anyone conn.

commit 421c3e5a5ab93c2ff6585d2ed647a7bcf9e61064
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 30 01:10:22 2007 -0400

    minor typo fix in comment.

commit 87c7481e8c5f382742c53529cc13d39b1f71bafa
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 30 01:10:08 2007 -0400

    log the peer proposal once.

commit 27cf8fd6960b4475dc4a265cc78cf928b26146ce
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 30 01:09:32 2007 -0400

    clear client mask bits lengths, so that it matches properly for right of OE.

commit 2e40481a09fb58d7ea666b18b0cfc102500603ea
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 30 01:08:18 2007 -0400

    inject saved packets using dst_output().
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit cc3d7a774c54adc2e0d264fb6f4742dd9686c463
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 30 01:07:39 2007 -0400

    removed 2.0/2.2 code.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c7749993fa0abbd29b0b007eda5e2588704d2ed9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Apr 28 21:53:43 2007 -0400

    log errors as they occur.

commit 8a0df8ee204192e944831582cd287fe6ebfa59d6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Apr 28 21:49:33 2007 -0400

    reset error to NULL before we start.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2746394fd952904d1ec75ccdb27e0945355425b0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Apr 28 21:48:30 2007 -0400

    look for %defaultroute as a nexthop= type.

commit a0a07db8f516e5e3f2736c04250bd205e461e6c0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Apr 28 21:47:53 2007 -0400

    as error messages are generated, append them to the perr.

commit c545b34d5e204d7e8070334630536f4c91972f35
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Apr 28 21:45:38 2007 -0400

    by default, do not set nexthop at all.

commit 29de4bda4c5365295ed44ffd3b6cb60be1f1a0fb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Apr 28 20:05:23 2007 -0400

    updated CHANGES file.

commit 0c57e213f0bf8df1beff6d5567fbd9b351a1d2b5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Apr 28 20:04:47 2007 -0400

    updates to CHANGES.

commit d23389f8e4702846c0fe83d07c8023fa01fd6dd4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Apr 28 17:20:49 2007 -0400

    adjusted east console, but test case needs "ipsec manual" to work.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1d8a9494bdd5cfe407c4ddf58bbdc423139eaed0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Apr 28 16:41:01 2007 -0400

    added test case to determine if correct ordering of algorithm is selected, when
    there are multiple algorithms on initiator and responder.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 79868b35ed078496c4178273336f5ed727a846a3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Apr 28 08:54:46 2007 -0400

      updated for nexthop settings
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 817633ee4573e5f4908a8b5f3876e500192ea221
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Apr 28 08:53:15 2007 -0400

      updated for nexthop settings
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 484a30d8940f62bea4012b8bde09f1f0d79629ad
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Apr 28 08:51:25 2007 -0400

    updated with nexthop settings.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1b2fc951fb684315f5a3d2e91707095031ba7e5a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Apr 28 08:44:29 2007 -0400

    when a packet is passed through, do not call NF_IP_LOCAL_OUT, as it has
    already passed through the output hooks, and doing it again, confuses things
    causing ip_route_me_harder() which creates a loop, since it does the flow
    lookup again. (This doesn't happen if the kernel hasn't got XFRM support)

commit 9861ab5d0fdd35cd15ac9e9a230df2cd65218a32
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Apr 28 08:42:50 2007 -0400

    remove 2.0/2.2 support.

commit 1b4876633670458857d5bada83b487e68a3e6600
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Apr 28 08:42:11 2007 -0400

    minor reformat.

commit 4dc9ca6dac06a48b41ce51a32a4ce49bd3a1edff
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Apr 28 08:31:35 2007 -0400

    nexthop, if specified, will be set properly.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit de3f003f44a445819242c148898e4c6d17922a32
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Apr 28 08:29:12 2007 -0400

    updated test case --- reviewed items and confirm it is correct.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 508e5d5d00e88811f6525ec0e06b25027a905616
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Apr 28 07:44:24 2007 -0400

    use KE_IKE in keyword list.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 695cb2e79e5b6e1d46f7deeee042c6170c97fdb8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Apr 25 12:15:17 2007 -0400

    bug patch for % received from Mark-Andre Hopf <mhopf at innominate.com>
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6c62e345a7ecfffa4c564a75b9e2174a161f404c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Apr 25 09:20:06 2007 -0400

    NEXT_HOP is still needed. When we have a kernel that can cope without it,
    then we can simply not set it.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit aeaf7f01d32252c25c645ba7d0c654cf8d32c460
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Apr 25 09:18:12 2007 -0400

    the right-hand side of an OE conn should have nexthop not set, rather than confuse people
    by taking the defaultroute of the local part.

commit 3744bab5b20dfc29feacc898f04beb9096fe58db
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Apr 25 08:13:26 2007 -0400

    rename to KE_IKE, not yet used, was a typo.

commit 77aece68f8d34d9ae9c05304a05d28e1bbb97668
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Apr 25 07:51:38 2007 -0400

    permit duplicated keywords in some cases.

commit 1cba078791d123a93160e9570379a1dc9defce2e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Apr 20 11:28:51 2007 -0400

    updated changes file
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6f06a605c56eed12cba514632a66c06136125a92
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Apr 20 11:27:47 2007 -0400

    patch to detect if XEN has been patched in, and adjust skb_linearize use.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 298e40499caf5b18170a7f4aff1db73b714fbdbf
Merge: cf8675b 445bd54
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Apr 19 22:47:07 2007 -0400

    Merge with /osw/v2.5.00

commit 445bd54f5e3e7ab63ac23179f0bdd8cd47d85f3b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Apr 19 22:46:40 2007 -0400

    fix test cases to use proper umlXhost name.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit bc705ce2617eb53700fdfe03f10f493ad379edd6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Apr 19 11:17:41 2007 -0400

    fixed delflow code to not complain about extra flow extensions on
    reply to user application.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9aab11adeacb6c07a2838a4f0de7a16bb1a849c1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Apr 18 16:26:04 2007 -0400

      log main pid
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit fff5c6cb58d05aa4fd92736c0774fa7cf6f52412
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Apr 19 09:57:03 2007 -0400

    cherry pick of TAILQ addition from v3.0.14
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2f8f0c56a5f069a7074194aac025eb47fa340d87
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Apr 18 08:33:21 2007 -0400

    notes about ipsec eroute --clear bug.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit cf8675b8d1783e30044aa9c5299c2c769b5ee7e6
Merge: 8798b81 391f227
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 16 17:57:14 2007 -0400

    Merge with /osw/v2.5.00

commit 391f227cbd3978c4b8ce52091dcbb8499f896224
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Apr 15 12:09:58 2007 -0400

    change some debugging to error messages.

commit 34a28a99ee5cfb6f18028834853a7a04872d72b7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Apr 14 23:49:15 2007 -0400

    This is a new documentation file, on using gdb on application programs.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit bb9cead9def3b79a473aa99aff5d737dde4db9cc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Apr 14 23:47:07 2007 -0400

    slight adjustment to IKE algorithm printout
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    
    Conflicts:
    
    	programs/pluto/ike_alg.c

commit 89e6bb956a91ce59a03b313563cce9479c941bb6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Apr 13 16:08:32 2007 -0400

    change many debugging statements to errors, to give indication of why
    EINVAL is returned.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6aa8ad2bb89fbc6a17a8efec937b43cd3cc46830
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Apr 8 19:32:38 2007 -0400

      changed DEBUGGING() to ERROR() for failures of pfkey
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e684e8375d494f0ef2bb050c2e98ed21eaba718e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Apr 3 19:45:12 2007 -0400

    updated changes file.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d3f743ba77b194b7dcbaa599688c49b8905c316d
Author: Michael Richardson <mcr at gimli.(none)>
Date:   Tue Apr 3 12:44:59 2007 -0400

    remove $log from xml file, as it confuses xmlto.
    
    Signed-off-by: Michael Richardson <mcr at gimli.(none)>

commit 8798b81a54ba88b9a3c7d7f111d2c94609611ad4
Merge: 2c3399a 13a2374
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 2 23:32:32 2007 -0400

    Merge with /osw/v2.5.00

commit 13a23744c84afc39c1c07410a7f5bdd7082fa6ad
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 2 23:23:21 2007 -0400

    updated to Makefile to permit ipsec.conf.5.xml to be built in
    presence of object directories. (This sometimes happens during make install time)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a38651a5e6a6cd82535f2ea4eb68825ad1f143ec
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 2 18:57:02 2007 -0400

    some disabled debugging to help diagnose when ERO_DELETE is used instead
    of ERO_REPLACE.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ea14a7aebf4cb26ee6964e6b84908b1ef40de20f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 2 18:56:31 2007 -0400

    log if raw_eroute fails, and various reasons why we might call it.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c9552d27491bfb7e5515901a39e1f8946264ce46
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 2 18:55:58 2007 -0400

    SPI_PASS is no longer 0, so some tests need to be explicit.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0c1d9a222a56b9c07efc1fad382ef45af2f7f0e2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 2 18:55:32 2007 -0400

    move check for ipsecversion, and loading of ipsec module to within
    the IPsec KLIPS/MAST code.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c00de5ab835d2a9dfd657dcbfa8511684e195bbc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 2 18:55:05 2007 -0400

    log if we have an unknown SPI#
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8d94457691e0a409be73fa5469ce3606be47ea4a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 2 18:54:47 2007 -0400

    enabled oppoinfo debug keyword.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6b41d7aee0ba6e15549d7df68bfd4f497271589f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 2 16:07:00 2007 -0400

    added SOURCEDIR for subdirs which do not have programs by that name anymore.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit cae846516bec18058bea355e922712f049cbb24f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 2 16:06:46 2007 -0400

    added DBG_OPPOINFO.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9aead78ed2be678408a72e372fedbb164444aedb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 2 15:59:26 2007 -0400

    introduce new debug option, --debug-oppoinfo to turn on spammy
    information about opportunistic encryption.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e03b752c3ba23bf89b43ce8ad43bc59eeaf2976a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 2 15:54:44 2007 -0400

    turn off one more initiate message.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3085e6d06d361254bdcba1ec3b87edd7cff937cf
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 2 15:50:22 2007 -0400

    oppo policy always has a client behind it, even if it is self.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 69442e299866d9fc937e1ef85958b94440361978
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 2 14:37:53 2007 -0400

    change POLICY_ to an enum so that debugger can see it.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 114416e71d693a48531fac6cc73f7fd7e6f02b70
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 2 11:20:43 2007 -0400

    use proper local of ipsecversion file, as old compat name is
    a symlink, which fails the -f test.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 46474df88a62dd0f334b2da77487ef7af76dfe94
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Apr 2 11:12:43 2007 -0400

    adjustments for "make install_file_list" to output correct list.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2c3399a96c247dbdf9f1f4f8f02797f2d4ac46f8
Merge: 0effc1e df53d79
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 19 11:05:11 2007 +0100

    Merge with /osw/v2.5.00
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit df53d7960ec89bf4f5fc85e5215699283ee0c621
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 19 11:03:50 2007 +0100

    slight adjustment to IKE algorithm printout (from 2.4)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 47b52a47fbfbec0c6feeea45f04f9efb39df4d0f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 19 10:52:54 2007 +0100

    I have introduced what we call an "impairment" into pluto.
    This is a way to cause pluto to do something "wrong", or
    non-traditional. It inserts an arbitrary sized vendor ID payload into
    the quick_I2 or quick_R1 messages.  This is to find padding problems
    in IKE messages.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a38af5e3d3a14eaf7ee406ad243b34e9be806b51
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 19 10:51:17 2007 +0100

      log the size of the unpadded and padded packet sizes before encryption
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0f66733525fcc45e6e11f42a96dd736d07e77f90
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 19 10:50:42 2007 +0100

      include optional Makefile.extra file
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 13704d8cdc9b14e2bec0c00390e0ea36825ba84f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 19 10:50:24 2007 +0100

    renamed "X509" define, because it conflicts with openssl headers.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 60b269c77bfd4d151758dc2d0cd727c2dc8557f8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 18 23:54:13 2007 +0100

    fixed xmlto dependencies and added makefile for pluto to use.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 40fc0348d74b22a14860f812d6b21be48e6089fb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 18 23:53:49 2007 +0100

    removed X509 version string.

commit e49196337f57e4deb91db5f0679c0a65e6788feb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 18 23:53:14 2007 +0100

    documentation updates from the 2.4 tree.

commit ac5949faa9d9c6d07bcf9bb09088a6ffc6e55732
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 18 23:50:12 2007 +0100

    updated to documentation from 2.4 tree

commit 0df4c1c283cfdf67dfdab1ef7162ba2593a7e9ed
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 6 18:09:48 2007 -0500

       permit NAT-T VID in aggressive mode
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c84edd043a40af02651ce9e2538b4abb4b867f1d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 6 18:08:52 2007 -0500

       initiate on demand message moved back to debug
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b20d24e0ee65a58291c2906cc306a13cd91189fe
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 6 18:05:30 2007 -0500

       added full help messages
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d96e0146a655450587fe517273e6ce068214306f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 6 13:54:14 2007 -0500

       remove X509 version string
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4850b742d2bdbef7b4d5dd2616987ec43713bcd7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 6 13:52:34 2007 -0500

    removed send-pr
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e3e24796261b3a3c6007f101a36c394d3d8ef0e3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 6 11:56:20 2007 -0500

      increase wait time for ike ping by factor of 1000
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ae6e0c7aa71d347645abe49878da8e9724123cb7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 6 11:55:03 2007 -0500

      remove send-pr
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c3baae373e604aee8bd378cd7e99d7adb923f679
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 6 11:51:52 2007 -0500

      Fix for compiling on 2.6.20 (nfmark is now called mark in sk_buff)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 905064793affd6ce795a9f570b53ea255754adf2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 6 11:49:54 2007 -0500

      added copyright names
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e2fb2ec36257f413ca8d95614216f262091dace3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 6 11:48:17 2007 -0500

      added MacOSX NAT-T
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5a42bbdd5bc9ed739abf3fa6017b5470d3b0cb5c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 6 11:45:44 2007 -0500

       updated AH/ESP status output with tweaks from 2.4
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e8368ce5a9a9269334270d42aff513e83eca919d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 6 11:41:19 2007 -0500

    remove X.509 version string.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 436400aef73ba097073ecc751342d816aed9c085
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 6 11:41:11 2007 -0500

    added additional note about LWRES usage being only relevant for DNS enabled
    conns.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit bd718ab6d7818c7ce59d6bf88027463ab46ffd93
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 6 11:38:33 2007 -0500

    documentation update from 2.4 tree
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0791a2c648512ada8525ebd1f56fe557fb0d45b5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 6 11:34:07 2007 -0500

    documentation updates from 2.4.x series.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 88dd05517e7ddd147d00f6c75719ea7efbd916be
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 6 11:33:00 2007 -0500

    fix untended logic for return of errors from clearroutes.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2bf720e707728170bba8fe326257bb125d5521b1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 6 11:28:37 2007 -0500

    set rekey policy properly.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d75da4a99b73f064c6671317a7e33609c8256bfc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 26 08:48:54 2007 -0500

    merges and patches from #stable
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2272f81acbcb5910402b7f0e0a3634129bfb2e96
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 19 14:50:41 2007 -0500

    OE is off by default for new installs.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0effc1e6d0b610c07111d40fb2cd14b4648f5442
Merge: 9b2241a 61d4702
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 14 14:04:46 2007 -0500

    Merge with /osw/v2.5.00

commit 61d470255f7f149326d25064d7d08f6154f09287
Author: Openswan Release build at openswan.org <build at vault.xelerance.com>
Date:   Wed Feb 14 13:54:52 2007 -0500

      updated version

commit 8f3b707853a696e472e7c91a03c02fb9c998e532
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 14 11:57:36 2007 -0500

    updated CHANGES to include 2.5.04
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9549302c844fb1c14088d2a2766aa344eed28502
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 14 11:49:36 2007 -0500

    make sure to zero peer_ca.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9b2241a3a91ac32ca729305bc7237a8031b80b02
Merge: 3e810a2 fab09fb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 6 11:39:30 2007 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#testing

commit 3e810a20a16aca1f179164ff078f3b49029989e8
Merge: 1f3b696 1f62735
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 6 11:38:50 2007 -0500

    Merge with /osw/2/calcdh.git

commit d7ae59e19e6e05b515bda202030772d8364cf78e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 6 11:24:26 2007 -0500

    updated code and patches to compile with 2.6.19-rc2
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 449ae60e461e876c0cf62c95a4a82f1641a7930c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 5 21:54:51 2007 -0500

    fixes to permit moduless building.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8f9727e2e0574fbc476781938ef6ff1514a34395
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 5 21:53:49 2007 -0500

    extraction of klipsNG patches (to rest of kernel)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8b05203baf35acb64d405f4245fe9daf1dc05d15
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 5 21:53:17 2007 -0500

    updates to code to fix merge errors, and let it compile.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8c78343ff2c2c303a7f2b57fa8e26d6a414eb5a0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 5 14:40:20 2007 -0500

    fix file so that it validates.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d67e2a000b0c77cea81c5fd6af265ce4355078af
Merge: eeca909 1f3b696
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 5 14:20:29 2007 -0500

    Merge with /osw/v2.5.00

commit 1f3b696125470e43ec5e84e215a8014a0b40ce96
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 5 14:19:57 2007 -0500

    use mkdir -p so that dir may already exist
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit eeca9097b3b1718af310fe17c15049ae9058e43e
Merge: 9c9fa9e fac494a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 5 12:34:58 2007 -0500

    Merge with /osw/v2.5.00
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 343f5677146ae62bab6807a70f9b97867000ac30
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 5 12:33:41 2007 -0500

    removed cvs log.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit fac494a9b957a607a2b64f91283f6a969ac9fa0a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 5 12:18:35 2007 -0500

    teach make uml to avoid copying .git dirs.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9c9fa9ecc221aad09c19f034eee37a76d156c1d2
Merge: 066dd18 151f1f7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 5 10:11:25 2007 -0500

    Merge with /osw/v2.5.00
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 066dd185cbf5c873eaab346a7ea191caed1b7f81
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Feb 3 20:00:48 2007 -0500

    renamed pfkey.h->openswan/pfkey.h and pfkeyv2.h->openswan/pfkeyv2.h to
    match work that is happening in the 3.xx branch.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4d0539343a33663ddbd1b94b1a5dacb0ffd1871a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Feb 3 19:31:09 2007 -0500

      aliascomp from #testing
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ce4451c55e293096b2f64f5523b36455ec195415
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Feb 3 19:30:34 2007 -0500

    virtual interface code for addconn, starter, and tncfg.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a00a070206ee8656bd294e08bf8847a815d46525
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Feb 3 19:22:50 2007 -0500

    adjustments to code to work with #testing
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1841d5b8a62d2cb25557d43dcb2933528e386c46
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 1 22:19:52 2007 -0500

       merge of klipsng and #testing
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a38d662a942a131edcf44eebd50517ce40605eda
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 1 22:19:47 2007 -0500

       merge of klipsng and #testing
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 151f1f7268dd977bdefc5b9079c2b0911ecb775c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 22 16:53:17 2007 -0500

    http://bugs.xelerance.com/view.php?id=491
    
    Patch submitted by Delta Yeh <delta.yeh at gmail.com>
    
    This enabled NAT-T keepalives for aggressive mode.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit fab09fb96b5ffec705100ce6303c6eccd7bcb263
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 22 15:56:09 2007 -0500

    Added note about acquire bug (see #726) to netkey known issues file.

commit 6156923f0bfa2c3bac9c4604f81c468262d6cd00
Merge: 518b5c8 5735f73
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 22 15:54:27 2007 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#testing

commit 518b5c8108778a54bff6aea487106f8b3f50f069
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Jan 22 15:50:22 2007 -0500

    Fix for Aggressive Mode and NAT-T port floating, based on RedHat patch.

commit 5735f731ed474dbb22fce2f5bc0a9f5e1fea2994
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 22 14:46:18 2007 -0500

    rewrite of available worker code from egbert@
    See: http://bugs.xelerance.com/view.php?id=723
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c0681f622fbdcbbc7e302d839ff90678761c9179
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 15 14:48:54 2007 -0500

    patch from "Matthias Haas" <mh at pompase.net> to correct for situation with
    PSK, when nhelpers=0. Test case to come.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    Signed-off-by: "Matthias Haas" <mh at pompase.net>

commit 1f627351d64167bc799ab1e0318d3fbd876412f7
Merge: 96ddd49 2ff6685
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Jan 12 12:46:57 2007 -0500

    Merge with /osw/v2.5.00

commit 2ff668503b4ea9a457513e926d70211fbe2b1809
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Jan 12 12:41:37 2007 -0500

    cherry pick of 4531bb432cc3a72af4ce6f55f943508db66ce291
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a986f9676f5b58a908610d2b483be2faa7139f22
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 9 20:14:30 2007 -0500

    added support for wildcards in include statements.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 43fd5bb7a044053fe89fa5e5e2766b558100756e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 9 20:14:07 2007 -0500

    added forceencaps= keyword.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b234fd522ddcf019cb90547c14a234a98f355e1b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 9 20:11:23 2007 -0500

    updated to include test case that has wildcards in include statements.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8632fabd79fcab2878ecc3755b4ef4c61ac6df15
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 9 15:30:02 2007 -0500

    code to implement that all keywords starting with x- are structure
    comments.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0c478e47619e006507e6bd73091539c2c53f0fc3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 9 15:29:24 2007 -0500

    test case for x-comment type files.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 45287843a406671387a4e04a785bca51f03a6e12
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 9 15:19:27 2007 -0500

    working test case for rightnexthop= set to explicit IP.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5a6da1109a51681789cf4a9103611c8b4e1c02f5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 9 14:24:56 2007 -0500

    get_peer_ca() is now unused.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4f501025d6f13454a7e8b6cf0c1b3b8c257bbbbc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 9 14:12:31 2007 -0500

    make failure to account for all adns in flight non-fatal.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 051edb8fce601fd9d1b01215eab9eb4c7cce87b8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 9 14:12:13 2007 -0500

    remove premature satisfaction in refine_connection().
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 36879d9b4703419f27ec5e56cdc415ddac5f472e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 8 17:39:10 2007 -0500

    if an explicit nexthop value is set, make sure to set its nexthop
    type to something, so that it will get processed.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a8ed9541ba0aa7e0715f403d022f95ecf9152435
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 8 17:38:41 2007 -0500

    Test case for reading explicit nexthop value.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 89b16cd6c06e066e195a088e46089b7b7767d03e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 8 15:30:00 2007 -0500

    updated CHANGES file.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit dd9a505215ed753f5a89df8f6f838285d8f4f389
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 8 15:29:47 2007 -0500

    If a DNS request times out, and the state is removed for another reason
    before the timeout, the continuation will core dump.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0d2e9ba17a3773002661062e2c5ceee85c367bb3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 8 10:01:45 2007 -0500

    fix for test case of having = in value portion of stanza. This requires
    some further adjustments, and confwrite() code needed some more tweaking as
    well to avoid dumping bogus keywords.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3b821a99eaa9e9bba9e7cc307e73f958f187de99
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 8 09:59:16 2007 -0500

    added description --- this test case does not run here.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8bbbde912949c359a82bf4dc70ce05e45029664f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Jan 7 21:58:41 2007 -0500

    test case for rassigkey with = signs in it.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 96ddd490be41ae0b2ccee3066583ecfdc5b64ab2
Merge: dee9e12 00ecef3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 3 13:36:51 2007 -0500

    Merge with /osw/v2.5.00

commit 00ecef343347c2530c50ae7ad5af551b64c92583
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 2 20:32:00 2007 -0500

    adjustments for test cases after merging against 2.5.00
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 341da7a6cb4861e14bde64c0e7e0f91bcfebd6a6
Merge: 74027c4 1ab0186
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 2 19:24:40 2007 -0500

    Merge with /osw/2/v2.5.01 --- compilation fixes.

commit 74027c45830584e8bf22e90dca54441779abde26
Merge: b685641 059f605
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 2 19:24:08 2007 -0500

    updated test case to do as documented. Seems to work.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b685641823060fba6a0becc07ed0fbf7b80e8aeb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 30 11:54:58 2006 -0500

    do not mark a msgid as reserved until we have successfully processed
    the packet to completion.  This likely solves quite a number of failures.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6486193f2fb4c35ab3af4b5507c63087639a3747
Merge: d31042c 5f7b746
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 2 19:23:08 2007 -0500

    multiple fixes for logging and other issues that permit the multinet-02
    test case to succeed.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d31042c4f3bc2a4bf0693195f22dd6ad5b3ea5d9
Merge: 428f4c6 abb43d0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 2 19:20:38 2007 -0500

    this implements the permutations required for the subnets= processing
    that is required in addconn.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 428f4c6007fc2a505e9705ed8c440862f88059b5
Merge: 6cbcaf6 f5c3478
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 2 16:09:11 2007 -0500

    This patch introduces the ability to take the XAUTH password from the
    ipsec.secrets file, indexed by username.
    (details on branch at tag v2.5.01_xauthusername )
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6cbcaf60ecc50e89d140d5540cfb5d6566a343e8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 3 21:47:08 2006 -0500

    remove esp=3des default override, as we are happy with it using AES now.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c1c049fb773c718a5179a67ed4668b19104d2a5c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 2 15:49:25 2007 -0500

    remove troublesome, nonessential part of nat-t patch
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1ab0186e699ee31476f58e6933427bd8e3248c0b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 2 14:49:19 2007 -0500

    merging of various pieces to include ctlbase options to addconn
    and starterconfiguration.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 059f605cdadb0661ae3439b6ab11cc00ffda8324
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 30 12:28:38 2006 -0500

    updated test case to do as documented. Seems to work.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7934b4dacce882b7127488a575e72be47f32f056
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 30 12:09:57 2006 -0500

    updated test case.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 06570239e91752386a25de7b2f98ed49bc13a0b0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 30 11:54:58 2006 -0500

    do not mark a msgid as reserved until we have successfully processed
    the packet to completion.  This likely solves quite a number of failures.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5f7b7462b07d74728a40f58553a96c8f24684d2d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 30 11:53:54 2006 -0500

    make msgid log consistent with responder syntax.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1ae482ac15b853c525d61b6a86a7c3790c794a59
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 30 11:53:14 2006 -0500

    do not close whack descriptor until the enclosing routine.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6865bace8389b85635c684fb65616c20bb993285
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 30 11:48:56 2006 -0500

    updated test case for creating more conns.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 985f3d1d41abd5879142ac3e897816401c41e98c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 29 17:09:59 2006 -0500

    multinet-02 test case.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e5d768a6953caac0a53b13cc48cdfe13ae2e02cc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 29 17:09:42 2006 -0500

    make symlink for UMLPOOL in src dir.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1266646731d007a68d37c4e0edf5f4a690521e76
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 29 17:09:12 2006 -0500

    make sure that backlog is queued in FIFO rather than LIFO order.
    backlog requests need to be cloned, since the bytes will otherwise
    be freed by the caller (and are probably on the stack).
    Adjusted the logging to consistently log the qid in a standard format
    so that searching log files is easier.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e4463fff06dcc9932b28ad3bea1bbed66e766f4e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 29 17:07:39 2006 -0500

    duplicate the whack file descriptors, rather than avoid
    closing them. This should permit each of the group of connections to
    log properly to the user.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c07a5393ae664b6f0ffa61c45629fdb6e3de9e43
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 29 17:06:52 2006 -0500

    small correction to logging.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit cbeff292bdb9e38d331d2026a28ba5c408d78d75
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 29 17:06:29 2006 -0500

    revise how logging works, and log msgid of phase 2.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 865428b021407ac702be143114063bf750813aa3
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 2 11:30:45 2007 -0500

    	added testcase multinet-04
    	Test for using leftsubnetS= with rightsubnet=
    	Add multinet testcase with enough tunnels to trigger potential race
    	conditions. Also test alternative syntax.

commit dbedd73311acba7d0c7cfd035fd4c1047e587b92
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 8 16:14:33 2006 -0500

    compilation fix.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8065068e1f18b34ef4c80bc1e967df2783e8f7b8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 8 16:12:19 2006 -0500

    terminate groups of connections as well as initiate.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4eb19cacc00755d92c4c3847953b4d30a7a26628
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 2 11:28:39 2007 -0500

    permit subnets to be separated by commas.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8ebbe32c3aa6c6f6207844d35f8cf84714fdad75
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 5 01:21:17 2006 -0500

    make sure that cryptographic importance is copied from phase1 to phase2
    SAs.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e2fee46dce5b6dea5b86a56008922d507b8e43b2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 5 01:20:51 2006 -0500

    make sure that the whack file descriptor is properly closed, in the
    event that there is an error of some kind. Otherwise, whack waits
    forever.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9521b8f10212119977fc88bb12830d8f878bbbe9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 5 01:20:15 2006 -0500

    set connalias to the name of the "master" conn when the permutation is done.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d465685fbd846e38a836a08b1bedbb41bf182a30
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 5 01:19:45 2006 -0500

    treat connalias member as a processed member, as it may get set through
    other means.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 26f19985d99144ab5888ca1c950e292d8b762438
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 5 01:18:33 2006 -0500

    test case for full subnets= usage.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ba52fc2c4837de24fed30aa6aa930e3ea42b26ad
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 2 11:26:37 2007 -0500

    added enum value for "0" if it isn't set.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 41b516dc84de1580c0648bab1d8149f8b4c2efcd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 2 11:25:05 2007 -0500

    this implements the permutations required for the subnets= processing
    that is required in addconn.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8e1ec70fef5b36f32cee148d97830965956b831f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 4 15:49:21 2006 -0500

    slight editing of comments to clarify context in which Makefile is called.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1a8bbcbc3b55e87fcb02cad84eab334870c64418
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 4 15:48:39 2006 -0500

    test case for parsing and permuting a configuration file with subnets=
    set. It uses a custom unit test to print the permutations to stdout.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit bb599c68a6c07879026147ac2a65e519a72d8d2d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 3 23:48:45 2006 -0500

    implementation of {left,right}subnets= , and appendlist keyword.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit abb43d0e8395aed625d70f7e08b46e30dd2ff5ad
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 3 23:48:12 2006 -0500

    test case for parsing of {left,right}subnets= and new strings that are
    bounded by {} instead of "".
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2af95031424451609e40dd52d1929f5427ef1e69
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 2 11:22:03 2007 -0500

    minor reformat.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 28a5f9daa0eb58ebe0aea758ed02f019287fa751
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 2 11:21:12 2007 -0500

    implementation of connalias= processing.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 28b61b3e1b99a7e748f0601fffa3322916531696
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 3 21:47:30 2006 -0500

    test case for connalias= option.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e91893d3f925f7c7977416fdfe4ec961bb4ff058
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 3 21:47:08 2006 -0500

    remove esp=3des default override, as we are happy with it using AES now.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 096ec2f9ffdbef649b7663fd505ff05431006540
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 3 21:46:26 2006 -0500

    added osw_alias_cmp() to compare strings as lists.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f81d69d3c4d7e199e91f54a5ebe23f1d16bddf55
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 3 21:45:32 2006 -0500

    adjusted copyright notice.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 64bfcbcbbdb1c079deefb48ee72cddca9941b326
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 2 18:42:14 2006 -0500

    added connalias processing to whack.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit edd7616ae74f283660b775154ff8d26794236c5d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 2 18:42:00 2006 -0500

    added connalias member, and permit it to be set by whack.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b6dab65273fce3f313baf718de75d3424f0e4152
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 2 11:16:24 2007 -0500

    added connalias= keyword.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f5c3478eb48b9aef96dfa8d6a735e02b3265a20d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 2 11:14:59 2007 -0500

    update copyright statement.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ecb48e7023130e76dab4a5c47a16d5ce64c9f1c0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 2 11:14:24 2007 -0500

    This patch introduces the ability to take the XAUTH password from the
    ipsec.secrets file, indexed by username.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1a25aff6cda2a83e1bad21cb2e4d72be1c6784df
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 27 13:56:48 2006 -0500

    minor formatting/style change.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7bac77cf76f3145287ac522ba8a6f140f3a23ec1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 27 13:55:55 2006 -0500

    do not try to free what is now an allocated array.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 327a62d3f72e7057e9546967712e4e0f647797a1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 27 13:55:14 2006 -0500

    test case for pulling XAUTH password from ipsec.secrets.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 326b629fd18c1abfc6b263b3b0d83191b648dca9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 26 20:54:22 2006 -0500

    added test case for --dump of XAUTH keys.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3907d46e1433cb521398aea640091e9a5adfaf71
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 26 20:52:03 2006 -0500

    implement part of --dump option to divulge keys.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d7bd67da58ff4646304a18dd8cfa926ea72924e6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 26 20:50:48 2006 -0500

    removed unnecessary files.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 854b1b95313bc5683ec441de5f37d3d320d5f486
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 26 20:14:21 2006 -0500

    update to showhostkey test cases.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 714084ed289af3bbf9fb721649f2e4f9f63ac783
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 26 20:14:02 2006 -0500

    setup FIXUPDIR2, and use it.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 51b8cb78b26c016d19a86d39a2de9c04a62baa14
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 26 19:43:36 2006 -0500

    removed dead files.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 597cdbedfbc39ff2139db1bce27f6689bca22efa
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 26 19:39:20 2006 -0500

    renamed test case to xauth-pluto-10
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d9ac33c561f4c09c3e4aa4340b1c81d132d6ed68
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 26 19:36:30 2006 -0500

    updates to pluto to implement preset leftxauthname=
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 656eaa5460fa82718a7494678f411e8d3383b86c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 26 19:34:05 2006 -0500

    updated scripts, and test case for leftxauthname= setting.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 74c28a0f62d8277abb826148e5ba614262fcbd23
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 25 23:40:29 2006 -0500

    test case should run --status to check if username is set.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f006555c32a9ba756af4f26dd7110922a42ba5fb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 2 11:11:33 2007 -0500

    adjusted test case to properly test for situation desired for, and
    possibly run.
    minor tweaks to code, but pluto internals do not yet properly use
    provided username and password.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit dbe6cf15e481ff830bc945d3a07886bbc7cde8a2
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 13 19:05:38 2006 -0500

    Added testcase

commit 12a63806976a99949e8aaf0ff59c9583585e2365
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 13 19:02:17 2006 -0500

    Added road's ipsec.secrets.

commit 3401dc456d1fedd1a546c2f669206bf9b329b9f3
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 13 18:58:27 2006 -0500

    testcase for left/right xauthusername= option with xauth password in
    ipsec.secrets.

commit 2f438c5061c1fce088184399e8ec6faca79be775
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Nov 13 14:16:02 2006 -0500

    Fix for setting end->xauthname

commit 799d56388e248d8c3d9c7e25d8e2ad8ed8900763
Author: Paul Wouters <paul at xelerance.com>
Date:   Sun Nov 12 20:34:08 2006 -0500

    Fix xauth_name variable (we don't create a new one, but use the existing
    one from the --xauthname option that was there before).

commit 3603d63909f670086620027e1c535d384afa5e52
Author: Paul Wouters <paul at paul.local>
Date:   Sun Nov 12 15:02:38 2006 -0500

    Added END_XAUTHNAME processing. Added XAUTH and MODECFG ifdef's.

commit 024defa442ee0311ee7e83545ca597469e980aed
Author: Paul Wouters <paul at paul.local>
Date:   Sun Nov 12 15:00:57 2006 -0500

    Added XAUTH and MODECFG ifdef's around struct end components.

commit dbae2ab61f843f6edcab23eca2085b9fab4f4774
Author: Paul Wouters <paul at paul.local>
Date:   Sun Nov 12 14:58:34 2006 -0500

    show xauthusername in connection info for ipsec auto --status.

commit d65b0954bbf599f3e0c62fd1f2234a5437820b1a
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 2 11:07:47 2007 -0500

    copy xauthusername info in set_whack_end()

commit 16e28ae651cd45de906138e3a5d62252ed3680fa
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Jan 2 11:06:44 2007 -0500

    Fix xauthusername to be kt_string, not kt_invertbool

commit 1a49438833d7d84eb69ab45c33f3aab4d6495a92
Author: Paul Wouters <paul at paul.local>
Date:   Sun Nov 12 14:55:02 2006 -0500

    Add processing of KSCF_XAUTHUSERNAME. Remove duplicate entry for
    KSCF_UPDOWN.

commit d628a0d2f6c27dc7dc51a268f026336474d3f8f4
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Nov 7 00:00:43 2006 -0500

    Add xauthusername= as a left/right option to the parser, pluto and whack.
    
    Conflicts:
    
    	lib/libipsecconf/keywords.c

commit 9ea3ad8760e53f2042597e888a44b769f003460a
Author: Paul Wouters <paul at paul.local>
Date:   Mon Nov 6 23:51:58 2006 -0500

    gcc on OSX doesn't like the spaces in the define.

commit e7042cc25d3a1b497a4f4f48c965855ead8b6c82
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 17 22:38:03 2006 -0500

    permit building with DEBUG off.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0b3477269e79db0854ed428b5640533b10971ebb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 17 22:37:42 2006 -0500

    fix bug when config file has rightrsasigkey, but not leftrsasigkey=
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 67a18ebd9d425e548590c6ba00ffec84a6f9de84
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 17 22:37:09 2006 -0500

    added support for --create/--delete to tncfg
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit aae7bd46e459b61f924b2881b0c7d91d8c43ff83
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 17 22:24:11 2006 -0500

    pull up of klipsng options to --create and --delete virtual adapters.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit dee9e1280809b0fcda6bff6468bfb4f20117d444
Merge: a1e6e27 615973d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Dec 6 12:12:19 2006 -0500

    Merge with /mara6/openswan/v2.5.00

commit 615973dfd49854b0ddfa93b979f888ec9167b6d1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Dec 6 11:13:34 2006 -0500

      make sure oe is on
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7301c0f6bdd9f8c15e9d7c103f8cbf20470f26bc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Dec 6 11:13:25 2006 -0500

      updated test output
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ad38c0117825c2640a88b8f70381be5ddde8fa3f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 5 01:29:43 2006 -0500

    added cryptoimportance_names definition.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b95c57e4af7b0090863c50d7433b9ed96ea2c601
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 5 01:16:07 2006 -0500

    Under situations of load, where many requests can be queued at the same
    time, due to the way that pipes and stdio buffers, the helper can wind up
    confusing the stdio buffers, and wind up reading back its own output.
    The result is a mess.
    
    stdio says that you can't mix reads/writes unless you do some kind of
    file positioning operation to synchronize state. Rather than doing that
    on a pipe, let's just use an input and an output stdio buffer.
    
    The reason we are using stdio at all is so that we can let it worry about
    all the buffering, and reading from the kernel in bigger chunks.
    
    In addition to the above, the parent pluto process could find itself in
    a short write, so centralize the recovery of that.

commit f7bb1b3c028e2ec1d7f0fbb048b820550eb58744
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 25 22:04:57 2006 -0500

    updated test cases.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit da177182624526ae55b5224e2ef15bbd9add8a56
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 25 20:20:10 2006 -0500

    copy quirks in aggressive mode too.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 15cb817af4eb44bf7b1f009783ba8c07f39159f6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 25 20:19:50 2006 -0500

    fixed refactoring of log functions to supply buffer size properly.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 79b713180286ad111609f51e6448637092442fac
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 25 20:19:24 2006 -0500

    updates to console output.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 544da231b03ca764d07441c09f98ba49ea64e736
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 25 20:19:12 2006 -0500

    turn on DPD if both dpddelay and dpdtimeout are set, and default dpdaction properly
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7b953e88043ffc91531782153f95ea987bfb2de2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 25 19:39:11 2006 -0500

    removed error messages, updated console output.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9aa1947a91f8871af4f73d770925bcd23f071973
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 25 19:38:04 2006 -0500

      refactor printing routines to make function clearer
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit dcf1b0c9f1386e60544ba70eac0f73fde7fae2f8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 25 17:34:01 2006 -0500

    updated console output.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 286f3cb9b5546c895eacabf59358dd42279efd3e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 25 17:01:58 2006 -0500

    fixes for modecfg and modecfgpush configuration operations.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 525743c36c2c1bb2bda47620bc5ca76fdf573a5c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 25 17:01:39 2006 -0500

    updated test case for modecfg operation.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b15b239eaabc75a63137fd54d8db682fd7a1e254
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 23 22:59:23 2006 -0500

    minor fixup for xauth-pluto-04
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4824b0a438bc43184f4403c2379d36183b746f6b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 23 22:06:22 2006 -0500

    updates to configuration file parser to support xauth client and server options.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5704e827ee736d7966bfcce574c966b5c388b583
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 23 22:03:52 2006 -0500

    updated basic xauth test case.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit fb2a88eded5fb21009bd1268677d6c09e67bf050
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 23 16:52:45 2006 -0500

    xauth*= is just a boolean, not an inverted boolean, and should have automatic keying
    context.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 10a8b5b990170279a76bfa0cde8c06969727932d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 23 16:52:06 2006 -0500

    added test case for xauth*= processing.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 91aad4f1e68a2125481cc2010f4cca8baf3cfd5f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 23 15:59:22 2006 -0500

      sanitize out the pathnames from the outputs
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b170424d04b89389deadbc4a95d0b7804ed63152
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 23 15:58:29 2006 -0500

      sanitize out the pathnames from the outputs
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6b43def01ed435d0580cf3c68cf0a6b32fca7a07
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 23 15:57:53 2006 -0500

      fix configuration such that it conflicts
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 181d20d3d9cf53839ccd735a9a9653c7fb9c8397
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 23 15:57:33 2006 -0500

      minor output fix to dpd-06 test
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c2e23a6e16a55632d618740518d419f3fad3323d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 23 15:57:05 2006 -0500

    if nhelpers=0, then the operation will have been done inline, and that's fine too.
    Fix reported by Martin Hincks.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6e6333408ad7a62e8629dc314ffa1ed8f44455ba
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 23 15:16:06 2006 -0500

       fixes for parsing after %default processing
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit cabdad08e602d1f86dd13aeb01532a6803598d9e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 16 20:55:12 2006 -0500

    updated test case --- remove kernel messages.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 53cf790f69b79b216e69c186b081f9e3b0cccceb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 16 11:51:31 2006 -0500

    east side should have tripped.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 051e8160e52a223043ceaaacc5d99f7167d9f69b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 16 11:43:43 2006 -0500

    dpd-01 test case revealed that when DPD is set off in restart mode,
    that the conn should be placed into a %trap.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c75967b03b2c478a612aef4ccb7e5dff6e4bdaf5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 14 23:43:22 2006 -0500

    the dpdaction=restart still did not work right --- this fixes it so that it
    schedules a replacement of the phase1 SA, and all phase 2 SAs that might depend
    upon it.  Some refactoring was done to state.c code.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 81d3d0bc040aaa67cf1fc724a3398785c0108338
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 14 23:42:36 2006 -0500

    adjusted DPD test cases, and updated dpd-06 to add debugging.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a1e6e27481b070d290fad6bd7dd753ce49c22bc4
Merge: 0fbd0d2 f31ff9c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 13 22:23:39 2006 -0500

    Merge with /mara6/openswan/v2.5.00

commit f31ff9c23830357e4d55a2ef339c632baec16914
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 13 22:21:52 2006 -0500

    config files for 2.6.19-rc4
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 682d7c9a75939d2ec11650b0dda3c6d662ee2e32
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 13 22:21:43 2006 -0500

    do not complain so much if an ID_USER_FQDN is missing the @.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5645aba7293e7fd384deda49096e04edea88b3cc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 13 22:21:26 2006 -0500

    when /dev/hw_random was removed, a comma was lost.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 41e54a2684dc809d7952e816860ea646a3194a72
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 13 22:20:18 2006 -0500

    kernels after 2.6.18 do not return a code from unregister_socket().
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 27b018bbfd4b357cf242cc43077b2ca8bbbbea90
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 13 22:19:56 2006 -0500

    this is a test case for DPD action parsing, and for conn %default parsing.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e4bfd7ad1d2652fb2ca780c2378c0357b6f6d553
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 13 22:19:18 2006 -0500

    This fixes a bug where conn %default's were not being applied at all.
    This was the result of a) the parser was treating them specially, but
    we want to do the special treatment in the semantic part, so remove that
    special parsing, b) the defaults were then applied and then reset.
    
    test case readwriteconf-09 tests this.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 822024d4ba44cd65cc6bc279172fe891eaaec0b1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 13 20:29:22 2006 -0500

       checkin failing output if no alg
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3ec5550525dc701c19759b006f52b819e81d3c83
Merge: 27eb192 f2bed48
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 2 11:14:15 2006 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit 27eb192773f957a09a817b9b1c72410eac39ac60
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 31 23:51:24 2006 -0500

    revised version, slightly edited.
    In the absence of any other written proposals, this one is going forward.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f2bed4805edd00c756a5691449048fbed4481d09
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Tue Oct 31 19:58:59 2006 -0500

    OSX Patches.  Now compiles!
    You might need the ocf cryptodev files.  Those are not available to public
    yet.

commit 4604a2c09dae49438fb3fde8c505b20d7da51631
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 27 11:25:54 2006 -0400

    sanitizer for when we do not care what the ISAKMP particulars are.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f9ac082b525364be5b1f8c14a701641c63d11573
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 27 11:25:23 2006 -0400

    change our mind --- do not sanitize the ISAKMP particulars. Yes, the
    defaults have changed, but we'll have to update based upon that. We need
    to know that the correct things were negotiated in general.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d96c12448ebfcd3c9882b2beec933ac17e223bcb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 27 11:04:16 2006 -0400

    removed /dev/hw_random
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ea5f8acb2538586bb999d135d7052efc5437cf07
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 26 16:20:39 2006 -0400

    made note on nocrsend option in leftsendcert (saying it is obsolete)

commit d0a7f0c2bd3fa8e5e21ff2ecd49beaddccde70c1
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 26 16:02:10 2006 -0400

    Added nhelpers man page entry.

commit 352e58a98e71d7c307aa3948af39c233d9415940
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 25 18:00:52 2006 -0400

    include the sysqueue.h from private includes.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 35a967058a2f2fe89c12031dad98433343aedf97
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed Oct 25 17:17:22 2006 -0400

    moved packaging/redhat to packaging/fedora.

commit b73390fb94436af3ccc9572a980315a276284c0c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 25 15:29:20 2006 -0400

    removed BIND9STATIC, it is obsolete.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b8d1c72d7fc1c455e8268d6859ecf717f26cc4f9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 25 14:26:08 2006 -0400

    adjustments to casts to work better with gcc 4.1.1
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7870efb3d5bacee89bc04b558c1eafac9a2097d6
Merge: 6263ead 70eba06
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 24 17:43:13 2006 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit 6263eade5df9017e2a59368f93dddda6d630ed57
Merge: 39e25db 40c8960
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 24 17:42:57 2006 -0400

    Merge with git+ssh://build@cyclops.xelerance.com/home/build/today

commit 40c8960edd687b72c14f2f12c1bc3098b9a77f72
Author: Michael Richardson mcr at xelerance.com <mcr at xelerance.com>
Date:   Tue Oct 24 17:44:32 2006 -0400

       removed second script-only, and updated ref= values

commit 70eba065ad470ccd43d1d13f4f808929613a59e7
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 24 16:27:17 2006 -0400

    Pushed updates from man page of ipsec.secrets from 2.4.x .

commit 69c795ac99da6c8b50bb72a2210c609ec36d80e8
Merge: 63cc66a 39e25db
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 24 16:25:51 2006 -0400

    Merge with paul at vault.xelerance.com:/xelerance/MASTER/git-master/openswan.git#public

commit 63cc66afdb20fc1d78b2492fbbb341da7268bc3b
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 24 16:21:00 2006 -0400

    Added smartcard documentation to man page

commit 39e25db6dca15e20ad3b6f99a7231a29cc804767
Merge: ba7bd0a aab0f91
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 24 16:14:49 2006 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit ba7bd0a57d958dd6bb58e0cd250e44f9204f1b81
Merge: ec42b72 4a3b486
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 24 15:46:46 2006 -0400

    Merge with git+ssh://build@cyclops.xelerance.com/home/build/today

commit ec42b727a25801a3f5ad50a3eb86dae97ccbc537
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 24 15:44:00 2006 -0400

    updated test results for ISAKMP output.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3490424853b729f16c9cef28733903a4cb500799
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 24 15:38:28 2006 -0400

    sanitize the ISAKMP SA particulars.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit aab0f91fafeb27d048bc5123e78e6910c1c8ed0d
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 24 12:38:54 2006 -0400

    Clarified leftca entry a little.

commit ff58aefb3aa51c5429538fafd2f70ddb3f76f0e6
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 24 12:37:00 2006 -0400

    removed bogus varlistentry tag.

commit 7a26f5e12212b764e4e72200f0b1332a5eb0c628
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 24 12:32:31 2006 -0400

    fixed misplaced keyword.

commit 6821b9f44dedf0a679aa1e0265ab86aa2022e13b
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 24 12:24:07 2006 -0400

    added leftca option to manpage

commit 4a3b486c6591f8ad2aef25bce6b3c72693378870
Author: Michael Richardson mcr at xelerance.com <mcr at xelerance.com>
Date:   Tue Oct 24 11:39:03 2006 -0400

      removed double sanitizer

commit df2bd59b465a5a9a68a7419502144762aef2a970
Merge: 5be996c a6580fc
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 24 11:07:23 2006 -0400

    Merge with paul at vault.xelerance.com:/xelerance/MASTER/git-master/openswan.git#public

commit 5be996c3fbd8776f5cf2c45abdff9fc7f074625d
Author: Paul Wouters <paul at xelerance.com>
Date:   Tue Oct 24 11:06:58 2006 -0400

    Added leftprotoport= option to man page.

commit a6580fce7e2c5a5250e28486adb5d1f29a299321
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 24 08:37:09 2006 -0400

    slow down refresh rate
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0fbd0d23876b7edbcb328610afd2f36596cc42ef
Merge: 11640eb ae9b4a4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 23 21:21:32 2006 -0400

    Merge with /mara6/openswan/public.git

commit 11640eb01cc8ee85c22a2389c203d4b68c9f3038
Merge: a9ed0a1 792fddb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 23 21:20:39 2006 -0400

    Merge with /mara6/openswan/public.git

commit ae9b4a437e77a8c790a4b54c8284c5b93c859f11
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 23 17:24:48 2006 -0400

    Renamed/fixed entries for xml docs

commit da3056558bd9fa4844448d23c7a4e0f56e3beabc
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 23 17:08:55 2006 -0400

    Renamed, added and updated many bits of documentation from the 2.4.x tree.

commit 79d883b54688d37eef3393fbd5fb6891f3698288
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 23 16:58:37 2006 -0400

    broke out all sections and properly listed the order here.

commit 4b15e735c577db143151a10803759623a16f3a52
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 23 16:10:30 2006 -0400

    Removed esp,ah and pfsgroup from manual section (they're moved into the
    general section since they cover manual and automatic keying)

commit 5c5114e8dfe624cbb09f1e24f44d09137764d871
Author: Paul Wouters <paul at xelerance.com>
Date:   Mon Oct 23 15:32:26 2006 -0400

    Added leftsourceip and rightsourceip to example.

commit 792fddb49826339bebf29c7f5885905f3b1a9966
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 23 14:57:12 2006 -0400

    provide explicit ordering for pieces.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit edea519d424c613d6e79eeb223efd05b0e37af55
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 23 09:58:22 2006 -0400

    do not automatically run any of the module based tests.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d832ce1429abc06f4563d099989c35d9f492d110
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 22 22:52:26 2006 -0400

    remove code to create new tables every 40 lines.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d00706d4bf3af8a23a1c772052ab796a8ee3928b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 22 22:33:15 2006 -0400

    added variable for turning on/off multicolumn output.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a9ed0a1a7b66dc1c391682da0a7e63a6df2b8734
Merge: 37321a6 d22327f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 22 14:05:21 2006 -0400

    Merge with /mara6/openswan/public.git

commit d22327fa1a82b9d70eb568b7492eabc42c6d3362
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 22 14:04:50 2006 -0400

      make sure to set default path
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 37321a6feaadceb7b2fcb7c2ac5b14001e730fc1
Merge: de4ec45 1bfb11f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 22 13:01:08 2006 -0400

    Merge with /mara6/openswan/public.git

commit 1bfb11f6d2243cafc1c89f9152387baa9c3646f5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 22 13:00:12 2006 -0400

    if CC is set, then pass it on to the make file system, it is probably
    an alternate compiler or cross compiler.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6347191f632a77b972cbedad9eb73643c6a18852
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 22 12:10:11 2006 -0400

    updated linuxrc and start.sh to post 2.6.16 kernel options
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5c47e13c5e50d6d42a6bbb71884425fc636a6d2f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 22 12:08:12 2006 -0400

    updated initrd list to etch/root-30 set of libraries.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit de4ec45491d56c4eb8485bf20ca58d66612addaa
Merge: 9cd1a96 c483926
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Oct 21 09:54:45 2006 -0400

    Merge with /mara6/openswan/public.git

commit c483926f723cb9c465a33453b4ab3f29e53763ef
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 20 20:45:27 2006 -0400

    on a particularly fast system, or a multi-processor, the "halt" that
    is sent may execute so quickly that the expect to clear out the
    buffer may operate on invalid spawnid. The result is that the netjig
    script fails, and any additional "finalscript" actions are not run
    (possibly leaving a stray UML!). The solution is to ignore errors
    during the final shutdown of the UML.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e4760f8735b4197bce9234b7a4fc7e8ed293b204
Merge: d03e170 c111d22
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 20 02:03:54 2006 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit d03e170292d60ebb0c1f78a4ec84060b7adff117
Merge: 38967ee 5b3520e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 20 02:02:54 2006 -0400

    Merge with /mara6/sandboxes/public.git

commit 38967eef8dadb49c648b78ba8bd7976d78dce15a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 20 01:08:19 2006 -0400

    added CONFIG_NETFILTER_XTABLES for 2.6.16.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from ddee5e510eb10722972cf1e0f9594edb016f4d1f commit)

commit c111d2252e29dc1d4365c2fa0c5526d4069ecbf3
Author: Paul Wouters <paul at xelerance.com>
Date:   Thu Oct 19 23:38:12 2006 -0400

    Added new man page items and most modified man page entries from 2.4.x
    as separate xml files.

commit 5b3520e88cb2675f4c52f1638dd7acb88c9b5a9e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 19 22:00:14 2006 -0400

    revised position, possibly consensus.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9cd1a96291dd5a8e7d6197bd66430e0d75477f62
Merge: 35d7441 9f96f8d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 17 12:22:07 2006 -0400

    Merge with /mara6/openswan/public.git

commit 35d7441c7d8bd7dc164993643a515c915557b557
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 17 12:21:37 2006 -0400

    make sure to use the phase2 PFS group, rather than the phase 1 PFS group.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9f96f8dac3424680cb35bd18ceb31569d7a1b3f1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 17 12:16:55 2006 -0400

    make sure that OE is turned off for test case.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit eba588c8b289d06af80e84d017a59ddd10a740a7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 17 12:16:27 2006 -0400

      compile time options to divulge final keys
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 360c354733590da21d4b1e7615827b96df77d702
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 17 12:16:02 2006 -0400

    deal with non-MD5/non-SHA1 authentication algorithms.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8132d97c9078d45c7dea9e9e2c8470c588cdade2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 17 12:14:36 2006 -0400

    log the satype with the KEYMAT material.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 96c79986d4d2cb42d3dd7d5f92a2339d415fab18
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 17 12:14:01 2006 -0400

    log which pfsgroup is used in quick mode.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c86b8b9b97c1ec70685ca5c43ee9f7091fc9d6e2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 16 12:17:03 2006 -0400

    test case of transport mode with phase2 pfs group set. This fails to generate matching keys.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e2fb0eb6b6818abbd14616efc48d24c5b257270d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 16 11:42:38 2006 -0400

    test case for ESP with pfsgroup set in phase2alg=
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d285ea7bee217f72017933be55cf0d654e9c2964
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 16 11:20:30 2006 -0400

    test case for pfsgroup and AH.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5dd7d8315cf5b5cb23e193dbb3fd13ceb647769e
Merge: 4b62df4 30c8393
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 16 10:18:59 2006 -0400

    Merge with /mara6/openswan/public.git

commit 30c8393efb2215eea36c0e9a6ca19f306465b896
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 16 10:17:53 2006 -0400

    make sure that p2alg string is initialized, and only format proposal
    line if we have an algorithm
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 75d8f90f60fe53f236e86507f52fb645e9e5bbeb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 16 10:17:13 2006 -0400

    include _confread again in list of directories, but no longer install
    the actual configuration parser reader (the awk version)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4b62df4d8a6cbc8baffe1031f8e5e5a8a4b0c1e5
Merge: 3fd60fe 9935c69
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 15 22:42:17 2006 -0400

    Merge with /mara6/openswan/public.git

commit 9935c69deb0fdf4dfb9582d214eb4caf5026e4fb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 15 22:42:07 2006 -0400

    test case for phase2alg= with AH transform.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3fd60fed698b79c566882ece9b18372f9953b000
Merge: c63d616 e4438fb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 15 22:41:41 2006 -0400

    Merge with /mara6/openswan/public.git

commit e4438fbc40ef56045a2e20f87c2ca3d1f630cd2f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 15 22:39:46 2006 -0400

    fixed up man page.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5d65c7affd59607ff96dd65f1c0e6c41f8722ac5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 15 22:31:56 2006 -0400

    install man pages and ipsec.conf default files.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e41071969063a8396dd70bd634cd7dd91abdb60f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 15 22:22:21 2006 -0400

    adjusted logging to show phase2 proposal in the logs.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8a994181804801d95b02b06c327db7a3215c3912
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 15 22:10:41 2006 -0400

    added proper AH transform creation.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4966236d3d1806c0da80d48d3be6510128bfce21
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 15 21:14:27 2006 -0400

    do proper printing of AH transforms, and use proper enum_names for oakley
    encryption algorithms.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit dfbf50394ba7d7a335daa9c26150ec61e3f6967a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 15 21:13:30 2006 -0400

    if policy is AH, then use ah_create to generate list of ESP values.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1933710623a33fe8f3229b193721aed005fb87c2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 15 21:12:56 2006 -0400

    do not crash printing debug info if algorithm is not present.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4f18aa5b2fbf50564755c21a59bd06a0f41e42ce
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 15 21:12:15 2006 -0400

    added printing of AH SAs, and use proper enum_names.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit bce9df08a2a7e3fc30745d0b86afd3d7a505c979
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Oct 15 19:08:49 2006 -0400

    when printing the OAKLEY encryption algorithms, make sure to use the
    list of oakley algorithms, not the list of ESP algorithms.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f166bb9e4dabcfc0c6eab4bd61958b64dee9ba19
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 13 22:08:05 2006 -0400

    leftprotoport= no has proper %any value
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 13e50ad3152da452b5ef764d7e8d4a786c9d760e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 13 22:07:28 2006 -0400

    added stdlib.h to test case so that it will compile on gcc4
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 828d493027e374789e4b9e94496065a9065e102e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 13 22:05:53 2006 -0400

    do not print leftid= if it was defaulted from left=
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6fe3f370d8ad4707ba87bd5cb8a17c040fb66411
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 13 22:05:28 2006 -0400

    added test case for phase2alg=
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit fcb4c283ab7bbd4a94cf364c0d78527cf27fe260
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 13 15:05:43 2006 -0400

    remove #define DB_CONTEXT as obsolete.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0e3d961e347df7e4b6e07086b979de8679d268dc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 13 14:56:49 2006 -0400

    added test case for algorithm parsing, includes AH modes.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 21633d8faddac8b4718aeda8e775495f1e62543b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 13 14:56:18 2006 -0400

    added AH parsing to algorithm library.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 37af9089dd81811d03f57206b8b7af3bb74d4f6d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 13 14:55:59 2006 -0400

    fixed up libtest unit tests to get list of environment variables from
    top-level makefile
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit be42299148e2988f9652f24512f9eea67fbdd376
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 13 13:44:25 2006 -0400

    updated test cases and testing infrastructure

commit e14c40e89e0740bd848ceda9d491d4a64fca6a39
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 13 13:43:22 2006 -0400

      export LIB* so that scripts can use them
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 64a75aacb0ae81f30b32886d9773f89a84039881
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 13 10:16:40 2006 -0400

    add missing include for clone_str() definition.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c0970b5e3a565d1fffe3f857789df41d30766251
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 11 18:52:27 2006 -0400

    added sa_lifetime field to kernel SA datastructure.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from 4cc59941a6d74730abd8ad05fee9bce2e0998f70 commit)

commit f59d76f2a7095b9470becf125154a435e281332c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 11 17:42:51 2006 -0400

    when the FreeBSD/KAME stack reports the supported AH algorithms,
    they should be understood to mean that ESP can use these algorithms
    for authentication as well
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from 05f5b4cae7bed6506784e2582b2e2b2631745c82 commit)

commit 0adbd63535c3b8f8c49c52d3a26dd4726ff4501d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 11 16:32:06 2006 -0400

    added algo-pluto-01 test case, and updated test scription for -04
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7326054dd04e2193e1db76a317d4de176bc6465e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 11 16:30:48 2006 -0400

    new test case for testing phase2 ESP=AES256
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c63d616d3864ff0d56cecfb316437bcc04ea6015
Merge: c09bccc 87d1552
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 11 14:46:38 2006 -0400

    Merge with /mara6/openswan/public.git

commit 87d1552e906ad9c830f778c385c2e1da9054871c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 11 14:44:41 2006 -0400

    make sure that leftid= defaults to the IP address, if the IP address
    type is used. This may not correctly handle all cases of left=
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c09bccc9bd3dafad2e44c091eb492f35bd010e12
Merge: 709cc78 f1688d3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 11 14:23:59 2006 -0400

    Merge with /mara6/openswan/public.git

commit f1688d31406175376c6bca6c57f49c6f2a03c5e8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 11 14:15:06 2006 -0400

    added release numbering proposal.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ff53fd840b5459be4d8e00698908dc0d18ef7b50
Merge: ce4ac07 792ad31
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 11 14:13:18 2006 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit ce4ac072e0324524c02a35b54cb21e48fe93078a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 11 13:35:52 2006 -0400

    there can now be passthrough, reject or drop policies loaded into
    pluto, but these should never be selected as the appropriate policy from
    a host_pair list. (maybe they shouldn't go on the host-pair at all?)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a740eb879c574212dd08c86d9f401e3c9fb06d39
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 11 12:56:45 2006 -0400

    new function: isvalidsubnet(), used by confwrite.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 567ce93d8e1780506723a2e8813ea0c6dd562129
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 11 12:56:24 2006 -0400

    copy has_port_wildcard to whack structure
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b86ffc2993850c1823976e3f7a194d32135b1741
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 11 12:56:12 2006 -0400

    use starter_log() debugging for file inclusion debugging.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6f8f7bf63204fe16ddac289fde300a30e518dd50
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 11 12:55:55 2006 -0400

    mark subnet, protoport, as being kv_processed
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 040bb6ffa3c7f85836baef544752e75120d2383a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 11 12:55:35 2006 -0400

    if kv_processed is set, then do not print keyword as generic int/str.
    be a bit more particular about subnet=, dropping if it is a singleton
    that is equal to the left=. Make sure that protoport is in correct order.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7d7bdb46d2ffa73528bc315a687b4b44af8d6e6b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 11 12:54:16 2006 -0400

    mark a conn as incomplete if it hasn't got an end.
    clean up the error reporting by using common leftright variable
    check strings_set[] values, rather than string!=NULL.
    always have VIRTUAL_IP support on.
    include processing of leftsourceip=, and default leftsubnet= to the
    singleton subnet, if it hasn't been set anywhere else.
    Set the protocol and port #
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8d79c162246767c1e2e3c24b0e903aa06c0f78a7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 11 12:52:39 2006 -0400

    keywords can now be marked as having been processed in another way so
    that the default integer/string output functions will ignore them.
    Policy keywords get this behaviour too, but get a special flag to
    further distinguish them.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3bf186e6e24cda064979d6d58b0a64a6dd9e50d0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 11 12:51:54 2006 -0400

    added configuration read structures for sourceip, and port_ and id_
    wildcards. Added conn configuration state indicating that the conn
    can not be loaded because it is incomplete (it may be a good also= target!)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8eb25392b4ae0d86a36000ffad177f297dd1e47b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 11 12:50:21 2006 -0400

    turn on debugging for -01 test case.
    adjustment of amount of debugging changes -05 test case
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d0de0a3bc0c0dd5101c4b21f67860e2d8b083ec2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Oct 11 12:04:08 2006 -0400

    updated dependencies
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 792ad31b26dea358b328d2b9f44cc9074d08e640
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Wed Oct 11 10:21:03 2006 -0400

    Default is aes128/sha1 now, not 3des/md5

commit ea79dc416b9127e45a2d5912bb2c3a5ad9e39e6d
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Wed Oct 11 10:19:35 2006 -0400

    Default is aes128/sha1 now, not 3des/md5

commit a056d4387d42bab262f6443d3634548d88eb7dcd
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Wed Oct 11 10:15:41 2006 -0400

    Default is now aes128/sha1, and not 3des/md5

commit 365588bad919bcc689feca301a0cf6a205363e09
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Wed Oct 11 10:12:04 2006 -0400

    New keyid message when loading from ipsec.secrets.

commit d6c0a4e0c605b39e577c2984fa8797e5ba29bcb6
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Wed Oct 11 10:10:32 2006 -0400

    New keyid message when loading from ipsec.secrets.

commit 7e2f9b1783b3c815cdc89c31c170dc7ab63de549
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Wed Oct 11 10:09:29 2006 -0400

    New keyid message when we load from ipsec.secrets

commit b334b952c996cdfdedd70fb3cbdda215147760e0
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Wed Oct 11 10:08:25 2006 -0400

    New keyid load message on reading ipsec.secrets.

commit 88cb9afd32704dc9360e6dff43a1ee83f4973e1d
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Wed Oct 11 10:05:44 2006 -0400

    Default is aes128/sha1 now, not 3des/md5.

commit 2b673e2e58e590dce713550208c4be567f987d7a
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Wed Oct 11 10:03:28 2006 -0400

    Now default is aes128/sha1, not 3des/md5

commit 454df0dd6516128eddbecae25171c921a945c080
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Wed Oct 11 09:57:35 2006 -0400

    Default is aes128/sha1 now, not 3des/md5

commit c8e8cbe1c14885ffc995500753c4c151d6909e91
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Wed Oct 11 09:31:18 2006 -0400

    Using longer iv now.

commit fc6b8e9c46e2564fa74340e6ec867aa02af73490
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Wed Oct 11 09:24:10 2006 -0400

    Removed extra command prompt from output.

commit c986d5054e9c45ec462483bcbea40727dab7fbc7
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Wed Oct 11 09:21:25 2006 -0400

    We default to aes128/sha1 now instead of 3des/md5.

commit 5376315cf27aa47f221a8a1d30178810137aa865
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Wed Oct 11 09:16:27 2006 -0400

    Tune output.  We now limit the amount of tries by default.

commit 68a956c7eb58b5f3d1e26b93f137835a7926caba
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Wed Oct 11 09:13:23 2006 -0400

    Extra command prompts in output. Don't know why.

commit f18f17c23f4e18dcf5ccdab464b8bb50ae3bbc38
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Wed Oct 11 09:08:18 2006 -0400

    Uses PSK, not RSA.

commit 709cc78cf6b26c061599513ce6bc614c35f7df42
Merge: 89500ef 272bab7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 10 17:27:10 2006 -0400

    Merge with /mara6/openswan/public.git

commit 272bab7f12a483c12c2f9794b46f202d54aa536e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 10 17:17:35 2006 -0400

      remove extraneous debugging
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 59ed5d8fa43009a0c79c25d93f71ba1611a4433f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 10 17:11:13 2006 -0400

    I must have inserted a keyword into the wrong structure at some point, and
    then got confused as to whether KSF_ was for conns and config setup, or not.
    (It is for both, but not left/right things!).
    I then, thinking the wrong thing, have been moving things to the wrong structure.
    I restored things today. I am suspicious that letting the compiler number the
    ENUMs does not always work.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b564a0825916d00148c03c7c4c62fee3a4871ceb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 10 17:09:37 2006 -0400

     changes to packetdefault due to using defaults
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0ce9fdca94d63c58abb93b0ac223852d0652f2c4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 10 17:09:15 2006 -0400

     changes to packetdefault due to using defaults
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f31530b154373f2e52e11d21dfa83fef2162968e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 10 17:08:47 2006 -0400

     changes to packetdefault due to using defaults
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 97205e2e9ca06c90141a42f30dd8e8e9d7df39ef
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 10 17:07:37 2006 -0400

    turn on much verbosity to catch incorrect parsing/output of OE conns and others
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1e34704fdc943a76010e69407901622fefe9613c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 10 14:05:24 2006 -0400

    test for transport mode configuration file parsing.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 73600ef6ddc5f6a615b098a627d9ea8ba7a161f7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 10 14:05:15 2006 -0400

    added --rootdir2 setting to deal with various test cases.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8bea0d12a0b7cc4c7984428ef74284f529f5cb41
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 10 14:04:51 2006 -0400

    changed many KBF_ types to KNCF_ types.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7499931a1be85b0baf9010ce98536a9b60d914ff
Merge: 838b8e8 ae9613d
Author: Paul Wouters <paul at bofh.xelerance.com>
Date:   Fri Oct 6 17:52:01 2006 -0400

    Merge with paul at vault.xelerance.com:/xelerance/MASTER/git-master/openswan.git#public

commit 838b8e8a22de3ca9b6b799f8d3f2a61b24d8acbd
Author: Paul Wouters <paul at bofh.xelerance.com>
Date:   Fri Oct 6 17:51:42 2006 -0400

    Fix for 2.6.18+ Only include linux/config.h if AUTOCONF_INCLUDED is not
    set. This is defined through autoconf.h which is included through the
    linux kernel build macros.

commit ae9613d54295c60713c2b88fc782cebdfdac9898
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 6 14:16:15 2006 -0400

    adjust string offset to not have _
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 89500efac7e16614ed7864d77a61caff3181d75a
Merge: 9e9fbe7 902aa0d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 6 13:40:44 2006 -0400

    Merge with /mara6/openswan/public.git

commit 902aa0ded302c30f214f445d469305dc3fec17f9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 6 13:30:39 2006 -0400

      ignore lines that just have various kinds of spaces on them
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b1484f5fd93519ba2bacdadcfe366b701e5078d8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 6 13:24:04 2006 -0400

       test case for spaces in config files
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9e9fbe7a9b448026e08243887ecaf6a5c4397651
Merge: 443064a 6557a2b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 6 12:10:24 2006 -0400

    Merge with /mara6/openswan/public.git

commit 6557a2baa0c971ec196cdb7cfc62c8a95e74336b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Oct 6 12:08:34 2006 -0400

    when formatting status output from IKE and ESP algorithms, translate
    the numbers back to names.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f48bb7679d323d9c60c9cf4f50c5127d9feb8630
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 5 18:08:44 2006 -0400

      added note
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 443064ab3bc5e730c8b4878f5bd1c48bcf3291a6
Merge: 25954cd 255e513
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 5 17:45:10 2006 -0400

    Merge with /mara6/openswan/public.git

commit 255e5137fd490a5350950b6de76d46000c64d3af
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 5 17:43:37 2006 -0400

    a number of loose_enum and the like fields are both numeric and
    string, and the two have to be synchronized, and were not.
    In addition, there are some situations where we have strings that
    are in fact valid keywords, and the parser, being context-free, sees
    them as keywords, not as strings, so we have to compensate.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b7e1e53b848b469a14cbe649790cc512d7ca1a26
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 5 17:42:23 2006 -0400

      removed bogus entries due to aliases
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 650d795b18874daecead820b4af0bad6181e37d6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 5 17:41:11 2006 -0400

      removed bogus entries due to aliases
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b82054ac5240f399dbcbae491b712da25d657823
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 5 17:40:41 2006 -0400

      removed bogus entries due to aliases
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0c4c6ced13c5c13d05f27c369b4a4912d9ecddf1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 5 17:40:04 2006 -0400

    test case for ikelifetime=/salifetime=
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 834d525aa9f8554cebeb362225180bec5238bdb1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Oct 5 15:35:35 2006 -0400

    test processing of aggressive mode conns
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 25954cdfd4bc3b0637651c54626314afacbe37c4
Merge: c248647 be262ac
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 3 11:34:22 2006 -0400

    Merge with /mara6/openswan/public.git

commit be262acb2b89700cbd5df072755679d390254599
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 3 11:33:46 2006 -0400

    added test case for AH mode with pluto.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5670e98be0ab5c5b60b7ec338002a707b30e655b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 3 11:25:23 2006 -0400

    added phase2= (replaces auth= keyword)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1c7d176fec1fd23938fc4eab1c0f08256129ccf9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Oct 3 11:25:09 2006 -0400

    test cases that have no packet output might not succeed if $success
    wasn't initialized
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c248647fa443bd6111f5b5487451d2e580a25543
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 2 12:47:28 2006 -0400

      added sample startuml script
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from d71cc8792a45443a659dbfe499d6f1b29292da48 commit)

commit 95a78c38a57564a38636bdc92874d5b36a7b9ec2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Sep 29 23:10:01 2006 -0400

    added various diagrams
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from ec0a5204916725d80dad2201f1014d95aac0a221 commit)

commit d59203eade5c5b12a7ef5ebecc54a62a06ccf2c2
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Sep 22 16:49:04 2006 -0400

    Fix typo
    (cherry picked from 3f2182d9c84845bf5b9d0f197527a111c70e8bf2 commit)

commit 167de4dd38fed5e9ef850e9e6f1e83341531eadf
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Sep 27 14:44:22 2006 -0400

    added needed reset_cur_state() calls, for failure paths.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from 41ff5ac60d9741fffe1debcd0f924a8ac7e31398 commit)
    (cherry picked from b777314f8c6e29d135da60bda62780edac0958b0 commit)

commit 008db91f31fd8b0157c29d34bc4916037eb12832
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 2 15:37:02 2006 -0400

    introduce a new async continuation function in process_packet() so that
    processing of packet that was suspended due to crypto still in progress
    can be resumed at the right place properly.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from 5a568edf4db3cdf9f2b04631fcd8e286eeab352c commit)

commit 8f3026981c2ef5227cebdd1edc6c977e28de8df7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 2 15:35:39 2006 -0400

       optionally core dump to get a snapshot on a memory allocation failure
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from 97ff0221742f13a34a12bdad225341e250119ecc commit)

commit 0fa11e205c45221c67725883052ad59e0274bcdf
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 2 13:23:09 2006 -0400

      added better logging of crypto importance values
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from 8b7f46590631110f8efaf705bab76782e17c01b5 commit)

commit cbc96d031d4bb5019b5df7f8ac7a1c86c5ee9c2c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 2 12:45:35 2006 -0400

    added xemacs indent lines
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from 1cdaa77e170b8621a4f00fab898c431a37fc6d0e commit)

commit fa5fb108f975f2a640eb25753fc0a7e652c60a15
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 2 12:33:45 2006 -0400

     minor adjustment of comments
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from c4d76ca8aa09bdef77370c10a6b86a00ae8eabb4 commit)

commit 4b904463a578e44c19c9642d2fb5976dc2ad5fa9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 2 17:23:30 2006 -0400

    split the Makefile.depend file into operating system dependent files, because
    the two sets of dependencies are never the same, and this leads to make
    failing to rebuild when needed.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from 95f11577924cd201ea806cc560b808b84ebc00ad commit)

commit d71cc8792a45443a659dbfe499d6f1b29292da48
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Oct 2 12:47:28 2006 -0400

      added sample startuml script
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ec0a5204916725d80dad2201f1014d95aac0a221
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Sep 29 23:10:01 2006 -0400

    added various diagrams
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a594c8810324840fff1732f619a82c8a57c81e84
Merge: b777314 3f2182d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Sep 27 14:47:02 2006 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit b777314f8c6e29d135da60bda62780edac0958b0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Sep 27 14:44:22 2006 -0400

    added needed reset_cur_state() calls, for failure paths.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from 41ff5ac60d9741fffe1debcd0f924a8ac7e31398 commit)

commit 2fd129254c2b439c33024deb1ab83d94f7371c13
Merge: 0ec1b2d f5e515a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Sep 27 14:07:46 2006 -0400

    Merge with /mara6/openswan/public.git

commit 3f2182d9c84845bf5b9d0f197527a111c70e8bf2
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Sep 22 16:49:04 2006 -0400

    Fix typo

commit f5e515a0dc4c959e04148e2fcb8776fa9753e10f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Sep 22 15:12:46 2006 -0400

    updated PSK test case outputs
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit dcc9711a10136deefcf9ee9d3a3a15af17cd0491
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Sep 22 15:12:15 2006 -0400

    updated make dependencies
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b28ec8b8678c9f7c186f67339ce1bb366daa63e9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Sep 22 14:50:40 2006 -0400

    fixed loop to deal with las_prev properly. This might be the cause of the
    list loops.

commit 0ec1b2daa86f2f1865c485f5c28bc51dccef52c3
Merge: 812805d 0cffad8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Sep 19 21:39:36 2006 -0400

    Merge with /mara6/openswan/public.git

commit 0cffad8fc7124d3c012f89bb9c659fbafb990e7b
Merge: 0a9e91c 566716c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Sep 19 21:38:30 2006 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit 0a9e91c555e27a5b9562d2a1e3a14a344c4c012a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Sep 19 21:37:32 2006 -0400

    added --help, and sketched in --dump function.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7d1a0f52b97698cbba88242bb639c41624f85175
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Sep 19 21:34:37 2006 -0400

    added --list-keys
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 69635ac38a6dbeda5b331e0c738e59d6c324b4f1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Sep 19 21:34:10 2006 -0400

    split up large assert into manageable pieces
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4cfbe96834f8b11dbbbf81caf4ddd654c4f9633c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Sep 19 21:33:39 2006 -0400

    split the Makefile.depend file into operating system dependent files, because
    the two sets of dependencies are never the same, and this leads to make
    failing to rebuild when needed.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit cb379cf74292f319db198f2bd77d820802fe832b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Sep 19 21:32:59 2006 -0400

    make sure that authby= is processed properly as a conn value.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 812805df5377e80a98bf97179c6f19d548c19a4a
Merge: 95a36c4 9df6bff
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Sep 19 15:09:31 2006 -0400

    Merge with /mara6/openswan/public.git

commit 9df6bff17760909f7e875448070b8166ff42285a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Sep 19 11:03:21 2006 -0400

      updated test case with new pluto outputs
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7a802f8663468e90553cfe01bc68e656ec6a5980
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Sep 18 23:28:14 2006 -0400

      added phony file

commit 566716cb53159677de53333bae8b768f3c81db00
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Sep 11 21:15:04 2006 -0400

    change some functions to take/return unsigned char * for blocks of
    data, and make sure that all other casts are done properly to make
    gcc 4 happy
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f11d98ec75b06e29d8c3f485f68fa47441b2b6fb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Sep 11 21:14:29 2006 -0400

    removed dead pattern
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit cfbb66e8ab6c681b8332ba5832d828c2ad0f6eaf
Merge: 9bfb279 4163e0d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Sep 11 12:20:25 2006 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit 4163e0dc8f97110f9a198276f606de22e1615241
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Sep 8 14:43:16 2006 -0400

    fixed dynamic allocation of rcv/xmit state objects and handling of errors

commit 95a36c4cba24385bbe9e038edf4543f911d7e2df
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 7 13:59:29 2006 -0400

      st_suspended must be reset after processing is complete (2nd case)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from e7dc0d52d88bea78f8267e16aa2a00bfeb72ef26 commit)

commit ffabc0d85675c63a86251c90fb01fcdeb21e9796
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 7 10:58:17 2006 -0400

      st_suspended must be reset after processing is complete
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from 47e13a0aececb72a3251f7cf00901daa2090370d commit)

commit af295f4c4bcde0884ff55e1e69d07cccc2fa7815
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Sep 6 21:45:20 2006 -0400

    use set_suspended() macro to remember where the st_suspended_md
    was set so that we can debug if we hit a passert().
    Protect all release_md() with a test to see if the md is non-NULL.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from 1a0a14baa67303918962a079317691d1342129a9 commit)

commit 9bfb2794bd9c239dfe9e9617616eaf6fc389de57
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 7 20:23:07 2006 -0400

    treat uninitialized sockaddrs as being anyaddr's
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit fbeb0bbd52e45bfb5f07d25ee728159307e32fb4
Merge: d075f02 ac53f92
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 7 20:18:43 2006 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit d075f0261a024f36c1fd3a2d06fd6e22a06a2398
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Sep 7 20:18:05 2006 -0400

      change pluto/crypto-helper communication to be resilient to short
      buffer reads
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from 630f5af3de3354da974c9cabbca0a24f12b14e68 commit)

commit ac53f926b7265965f6904341f62d5c1120a8c40a
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Sep 6 14:12:18 2006 -0400

    updated testing code to include <openswan/pfkey*.h>

commit 1235ba7da3637f4f6062146d2ca80b83de110c57
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Aug 16 22:48:05 2006 -0400

    KLIPS is made to use the CONFIG_XFRM_ALTERNATE_STACK feature if available.

commit 9624be3f4179905f0b07be0daa51d41aeafc982b
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Sep 6 12:39:12 2006 -0400

    updated klips module code to include <openswan/pfkey*.h>

commit 62fa7498e840f912a066127059c5b2801c5ef4ff
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Sep 6 12:22:36 2006 -0400

    updated user space code to include <openswan/pfkey*.h>

commit 7cada4376a4ab8162fbb646b78baa3400bb4374e
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Sep 6 12:22:14 2006 -0400

    moved pfkeyv2.h and pfkey.h to linux/include/openswan

commit d8cdbbb536d81ae12cc8776b4998d70ae6ee3c75
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Sep 5 01:03:42 2006 -0400

    make sure that st_suspended_md is cleared, and log its state if necessary.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 91d97cedf6c96b3d9bdc27208ce31fcfb350d7dd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Sep 5 00:57:42 2006 -0400

    added done to end of east init, and turn on debugging for east.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b6eb38d074142cc60bcbe576731a8a1f135ff3f1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Sep 5 00:20:38 2006 -0400

    refactored quick mode to use start_dh_secret().
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 4e9ecddf004743a0067db0ded416ec9151fef8d6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Sep 5 00:18:53 2006 -0400

    passert() had wrong sense.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3c762bec54cbc387e778f2caac87aab3555f8eba
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Sep 4 22:49:12 2006 -0400

    removal of first perform_dh_secret (responder side)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5b0aaa1e0824c1ffa84c27d6955bbc0e8847adcc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Sep 4 22:23:41 2006 -0400

    do not free the pluto_crypto_req --- it is a static buffer
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b7257fbe97c0d431c93fc4b51b9b7a2db06a3eed
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Sep 4 22:23:15 2006 -0400

    st_sec_in_use will always be true in the context given.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 49209e681b2b2c883ad4eacf5a3633a507ef9d4f
Merge: 9c6bf8d e199785
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Sep 4 21:12:17 2006 -0400

    Merge with /mara6/openswan/public.git

commit e199785d8e11687534569b04a3e0a6956b2086b8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Sep 4 18:23:17 2006 -0400

      make sure to set helper # in child
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from 1bcff8e137b815bc04b9b71491c8e4bb2ba62811 commit)

commit f89fe1ecdf4b7cb63aa431840ce384fb139b0c95
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Sep 4 21:10:54 2006 -0400

       fix cryptoop string values
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from 3e34634c35cd82e95c30db28097612e59d58c6be commit)

commit 9c6bf8d1eed8517e4f8b030b075c1490b3a9b60c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Sep 4 20:53:02 2006 -0400

    make sure to unpack the nonce that was calculated.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1d89e0a6ad5514f4124a40142beb51ad533a735f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Sep 4 18:24:21 2006 -0400

    Diffie-Hellman asynchronous processing code.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1bcff8e137b815bc04b9b71491c8e4bb2ba62811
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Sep 4 18:23:17 2006 -0400

      make sure to set helper # in child
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3e34634c35cd82e95c30db28097612e59d58c6be
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Sep 4 18:22:27 2006 -0400

       fix cryptoop string values
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8be5430373ac0499cda552c372592df1eb88321b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Sep 4 15:47:44 2006 -0400

    refactoring to use async DH calculation functions in aggressive and
    in main mode.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e53bf1d664d2ef5d878741f1e4d064022a60e084
Author: Bart Trojanowski <bart at jukie.net>
Date:   Sat Sep 2 13:06:12 2006 -0400

    fixed a few minor build warnings (that prevent build from completing with -Werror)

commit 1607059b5d2f85f39430a12c1cb2f72e20b5b05e
Merge: b289746 62ccf68
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Sep 1 14:32:35 2006 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit b289746a69b495e79f857a444e54becf9d688cff
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Sep 1 14:32:01 2006 -0400

    log loading certificates only if there were some provided.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6102d40546b28c12a3b633fb4ce7bd7399094162
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Sep 1 14:31:52 2006 -0400

    change default certificate policy to send if asked.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit eb19837dfe87459540a0ddd7eaff9d0a0ac60bea
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Sep 1 14:31:42 2006 -0400

    added hexdump code to include
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e73c4987b7ffcbe8adb670d9cd2b1de0cfadca43
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Sep 1 14:31:08 2006 -0400

    program to create large file of aggressive mode A1 packets.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit a95636377f4bb48df15e19d5bcb29798da4c0cb4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Aug 31 21:48:00 2006 -0400

     removed dead ikeping makefile
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 62ccf685a8d7bde5db3e8c00873416a10b63102b
Merge: 5d46b2f 10f157c
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Thu Aug 31 16:06:52 2006 -0400

    Merge with git+ssh://vault.xelerance.com/projects/xelerance/MASTER/git-master/openswan.git/.git#public

commit 5d46b2f1eb5d123212ab20ec024412d1df24f4c8
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Thu Aug 31 16:06:29 2006 -0400

    Moved the CFLAG definition for -DKLIPS into Makefile.program and
    Makefile.library instead of Makefile.inc

commit 10f157c3644bc94022bdb41c67bd2c524b31a54b
Merge: 5294ffc 46d789f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Aug 31 15:59:46 2006 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit 5294ffc681c8659a9d831bda6693e9349fc37fd9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Aug 31 13:44:00 2006 -0400

    an ike= with a key length will have 5 attributes, and this must be taken into account
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from b43539e820f80ed54dab8d6ecc227b2f41ffffdb commit)

commit 3d8d2a4ee36a73dce6acd3a85fee65fd6ba60f4e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Aug 31 13:41:59 2006 -0400

    make sure that tpmeval is set to NULL.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from 283bc282a745c7443bdc882b1c00187d7851968b commit)

commit 46d789f714a3a88f0893179ed923a3a6c1de3c07
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Thu Aug 31 15:47:56 2006 -0400

    Actually, -DKLIPS is used a whole lot.  I push it into CFLAGS for all
    subdirs if USE_KLIPS is true.

commit aa1c226b16ab542dfcd590258489adceff0ee8ef
Merge: 4f825f8 3a86e35
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Thu Aug 31 15:34:40 2006 -0400

    Merge with git+ssh://vault.xelerance.com/projects/xelerance/MASTER/git-master/openswan.git/.git#public

commit 4f825f80c110559cd7aae26d7363a9e7498bbbd8
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Thu Aug 31 15:33:46 2006 -0400

    We don't necessarily push down the -DKLIPS flag if USE_KLIPS is true.
    This broke some cross compiling.

commit 3a86e35928a14fc4ef2b296c5606b841105f0973
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Aug 31 15:23:26 2006 -0400

      added crypto unit test setup
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 93303e8fda5d1ea6112257281aced651d48a1bfb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Aug 31 15:21:59 2006 -0400

    added missing files for PK test case.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5a7eb538ed2f528924cb99c97165935951f5189a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Aug 31 14:55:30 2006 -0400

    added TEST list

commit e789841d3aad7613778f26450153d9ab8128371e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Aug 31 13:48:03 2006 -0400

    added missing Makefile
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c48643d6ed9d899e8aa56976f3b5343a1f99be86
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Aug 30 17:41:03 2006 -0400

    make sure to copy all the certificates in northlocal.sh
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit c9ab783d7ac4d985cd62ea6fe3e14b7d3f463f88
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Aug 30 17:40:49 2006 -0400

    updated test cases for aggressive mode
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2eef6019a679af02d3e9e5b0a095f8b94977b5aa
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Aug 30 17:40:32 2006 -0400

    make sure to load aggressive mode settings.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2b25ba1df4f6563f66f17a408904eeca80f5eb15
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Aug 30 12:57:55 2006 -0400

    when logging to stderr, only log the time once a minute, and only
    if there was some activity since the last time we logged the time.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 069e75bc7934234a6a492a6c7c7f322889b05eb5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Aug 30 12:57:20 2006 -0400

    log in ipsec whack --status what the certificate file name is.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7dea0e014f9170b67a86d7135b8f9d9a5c2211ed
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Aug 30 12:54:40 2006 -0400

    fixes to load *cert= and *ca= and dpdactions properly.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d842509527614eaaa6a636348fc60321ec03ba29
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Aug 30 12:53:10 2006 -0400

    final fixes for X.509 basic connection to work, includes timing fixes
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0a7bde04fd0c914782df81e1c4e084802ca2dd65
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Aug 29 17:28:37 2006 -0400

    place certificates where they belong
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5531b24cfffeeb9d2af51742ccfe49e7b9d0bcf3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Aug 29 16:50:03 2006 -0400

      include new certificates by serialno
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d20d553919f14551b1d34fb08b01be087f7b13f6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Aug 29 16:49:14 2006 -0400

    resigned X.509 certificates with fake CA
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0de175c9a8d09192920dd1e1d9f5be5df897a180
Merge: 323acc7 3f046f6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Aug 29 14:57:25 2006 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit 323acc7283eb5a8477ed01c3d25de6d56e2b1512
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Aug 29 14:48:04 2006 -0400

    avoid continuously spamming stderr with the time.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ae27bf2448a0a77883d45a63369c5851d1ff6544
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Aug 29 14:37:23 2006 -0400

    put a single LF at end of list of conns.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 20ff76c16fd38db3cb9e1141d27460117585a566
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Aug 29 14:37:01 2006 -0400

    add some certificate loading code, and enable OE in default east/west
    configuration files to match previous configuration.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3f046f6f49aa861073e428b3c13267887a95c1c8
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Aug 28 21:52:46 2006 -0400

    We now do 2006/08/28 instead of 2006_08_28 for results directory -
    adjust script to reflect that

commit 370ad43ca7ac6ceab840eec467a1158a274ca89b
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 28 19:24:21 2006 -0400

    We don't do DES anymore.

commit 25e8d6e069267dbba2ca0713331c098fd85dae02
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 28 18:52:56 2006 -0400

    I mistakenly brought in some incorrect error message about iptables.

commit 0517831cd90bfc8c0f66276f0d706c4f35f6633e
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 28 16:04:16 2006 -0400

    Added NETLINK_DEV configuration. The build was stopping to ask...

commit 0cb76c705bd5e1260d69025eb7b6dee224df7f9e
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 28 15:55:10 2006 -0400

    Adjusted expected refcount output

commit 4e56d54485d272caf94d2c6a838f7bdb376e6fad
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 28 15:53:33 2006 -0400

    Adjusted expected refcount output

commit 2a6adf338cb0c7b3f46f30c5c1cae5108db71cc7
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 28 15:52:51 2006 -0400

    Adjusted expected refcount output

commit 0c617825cea6c68738de13fd4d1a7f598ab9fc7c
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 28 15:51:54 2006 -0400

    Adjusted saref reported.
    We now have 2 less.

commit 4ae3e52c344c02968a7924e01e97f416a6f91ebf
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 28 15:47:56 2006 -0400

    Adjusted expected refcount output

commit 1e8be522719e320acb22a4de751035a0a8810e5e
Merge: f2a481c 93ae902
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Aug 28 15:46:59 2006 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit aa7dd61f152807007afce79fe14f447a7a65a35a
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 28 15:46:28 2006 -0400

    Adjusted expected refcount output

commit 93ae9028cfbaa0997f3eea3427e7918ff2967054
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 28 15:45:36 2006 -0400

    Adjusted expected refcount output

commit 39a108d76d83fed585649031f94df92b7670fbdd
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 28 15:44:42 2006 -0400

    Adjust expected refcount output

commit bdea6cef0d2618e8b2d1109904ceaabbe1aed763
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 28 15:43:53 2006 -0400

    Adjusted expected refcount output.
    iv still seems to be set with way more data now. So I won't touch it to make sure it is legit.

commit 742b85eb0eba444790864eca0aadaa90b59c0f1b
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 28 15:41:58 2006 -0400

    Adjusted expected refcount output

commit 93bd29787a82d0e059a73e4ae56a982e9ff08317
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 28 15:40:49 2006 -0400

    Adjusted expected refcount output

commit e4fec495cb5e942c0c58e65b582099142dde0168
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 28 15:39:38 2006 -0400

    Adjusted expected refcount output

commit 9d16d84a89a5a7a55ad5c3fc25953c30fb9a2943
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 28 15:37:59 2006 -0400

    Adjusted refcount expected.

commit d79b9afa951563a3e05c74cfa27dea997f9e45ad
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 28 15:33:10 2006 -0400

    Fixed extra carriage returns.

commit 473eb013a77b7c9ca6b4a5a1463beb1f61b5e338
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 28 15:30:58 2006 -0400

    Now using AES for default Phase1

commit f2a481c5bb37364b53b00af405d2d531eacbe169
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Aug 28 15:30:19 2006 -0400

      note change to phase 1
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9765d625bf391b64d025bca063505faa4bc8c70a
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 28 14:42:15 2006 -0400

    I had forgotten east-reject-01 in that last commit

commit 88be80613da70183a2d69d0cec190c8ada3984a5
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 28 14:29:25 2006 -0400

    Second part to removing the output dependence of "length: "

commit 17e5e2260ac0f10a688c15f7b7af3f5107ac1fb4
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 28 13:31:56 2006 -0400

    This will ignore the "length: <blah>" we are expecting in the tcpdump output.

commit f805841f62081e09ce59b8459d97a62c3de8c2f8
Merge: 97ea3ef 04edd36
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 28 08:21:38 2006 -0400

    Merge with git+ssh://vault.xelerance.com/projects/xelerance/MASTER/git-master/openswan.git/.git#public

commit 04edd364af992dbf295724dbb081ef52bc62975f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Aug 27 20:00:17 2006 -0400

    updated test cases with aes default
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7edc22be5412f79427cba5b3f80eafad07a1597b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Aug 27 19:40:53 2006 -0400

       updated for aes default
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 15f7a1d9d1c5d36de33b44ffb4b7f86c9f97709f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Aug 27 19:31:02 2006 -0400

       test case updated
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2308bc785d771bf6afc5cf12b528160d244f6cc0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Aug 27 19:11:50 2006 -0400

    on kernels without klipsng support, the ref/refhim may not actually be set
    to a non-zero value, so we need a phony SARef# that will be used to indicate
    that the SAref has been set, but isn't relevant.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit fa41d962f5322443bd72f7bb6cb4cddc20d8eac5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Aug 27 18:56:05 2006 -0400

    make sure that esp= and ike= is properly loaded into a conn.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0b3296e1e8a0d7c798d9ed2bd3a254df0499563c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Aug 27 16:17:12 2006 -0400

    make AES possibly in phase 1 by default.
    make SHA1 preferred over MD5. Use term "SHA1" in files.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b96d10beb219e24dcfa4d46f533f8915193ffa9b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Aug 27 13:50:15 2006 -0400

       remove _confread from being installed
      have ipsec look use addconn, disable ipsec manual
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit db9574eee50a62996ae3a395048340bcb4b95cfd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Aug 27 13:50:02 2006 -0400

       remove _confread from being installed
      have ipsec look use addconn, disable ipsec manual
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 536f453386c91c42589f9474349a45b55dff9ddc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Aug 27 13:41:27 2006 -0400

       log location of ipsec.d dir
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5dad566efc1c52deca0366b16856f0a1293684d0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Aug 27 13:40:53 2006 -0400

       do not set --ipsecdir to default, let pluto decide
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9ef222b2d2105d5af9123ed3e6f2cc69a01b04ca
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Aug 27 13:39:23 2006 -0400

      turn on OPPO option, if OPPOGROUP enabled.
       set nexthop to defaultroute if oppo mode.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit db2b8ac2b62b9fb6ab7a8fbb2528bb726cd0ffdb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Aug 27 13:38:13 2006 -0400

      note if debug is enabled
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 287dd9ed328802a7918191ad6269872cf89f9bed
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Aug 27 13:37:29 2006 -0400

      OE conns were not separately accounted for, fix it
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit bfe307982beac220d885a7a2a1b156a371136b0c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Aug 26 23:26:42 2006 -0400

      add processing of %any, and introduced host_type to whack and
      connections.c
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 95ac6287e8df84574523066bbe95125c499568a8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Aug 26 23:25:14 2006 -0400

       sanitize IPsec establish message
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6c207705a799d99725fedcb6db6d4303b7018507
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Aug 26 23:24:49 2006 -0400

       make sure to reset st_natd properly
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2462e4f544bc09b8ace4e6b632ab8a8fbe2edb8b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Aug 26 23:23:27 2006 -0400

      do not log exit code
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8e97009e7a900c98efc6a887536dc9b6e593c82d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Aug 26 23:23:11 2006 -0400

      do not print loading conn message by default
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b7bbc46988027d2e6f9f3d5990bcafdd5cfe7784
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Aug 26 23:22:31 2006 -0400

      version.c in liblwres is not to be generated
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit cfa2c27fd4815c150ebb15aa83d003af660ee4bb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Aug 26 23:20:09 2006 -0400

       use Makefile.library for liblwres
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 01b15e0b3f3b63f9e769ca9a09f34e4a5a4953c0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Aug 26 23:19:50 2006 -0400

       do not output anything while parsing config files
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 0f9d4fc125cc679c4a2a69d312ba5bd27b6ee58f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Aug 26 23:18:53 2006 -0400

      adjustment of north output to include tunnel mode
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 84067e286331b67658842df08499d804b5b25639
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Aug 26 16:11:07 2006 -0400

    adjusted test cases to deal with new tcpdump and script-only changes
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 800bc004c0a62767567ffdcf19f2025173d72651
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Aug 25 21:37:35 2006 -0400

      adjusted due to saref base count
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ae51eebff1f25a08f03c0783660f89a17610a608
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Aug 25 21:36:27 2006 -0400

      adjusted due to tcpdump issues
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit efc5888e07b659813dc35d77068bf5f0354e819b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Aug 25 21:35:30 2006 -0400

      adjusted for 2.6 and tcpdump, but test case still fails due to unknown
      advanced routing issues
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 87e028783fd6d99559c5be33f22e39a8bb81a351
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Aug 25 21:26:12 2006 -0400

      updated test case, ignore background issue for now
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 97ea3efec67185922194ab40b0ec5f561880d7cd
Merge: ef1c4d2 c06ba01
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Thu Aug 24 13:17:21 2006 -0400

    Merge with git+ssh://vault.xelerance.com/projects/xelerance/MASTER/git-master/openswan.git/.git#public

commit c06ba01b6198382b8bdd247784b7b7e855d02ac5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Aug 24 11:48:35 2006 -0400

    added diagrams
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b93344c0940671755eb4a24ceaa38091663f00f2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Aug 15 16:29:16 2006 -0400

    added west-bigicmp-01 to list
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ef1c4d2a40e04a8a935638a66bf077399c0ef170
Merge: c8c6358 a4a9c5a
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Fri Aug 11 15:31:20 2006 -0400

    Merge with git+ssh://vault.xelerance.com/projects/xelerance/MASTER/git-master/openswan.git/.git#public

commit a4a9c5a9ce9bbf4d7705466479fdd6976039ad5a
Merge: 1b3aeb1 a7c2ae0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Aug 11 13:56:28 2006 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit 1b3aeb19c5cca932e546cc31b893a2a19f5af81e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Aug 11 13:52:14 2006 -0400

    update man page with --crash
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 028c272b31b5d12129484f0ca9767e3127fecce6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Aug 11 13:40:43 2006 -0400

    	the chain walking code needs to use "this" not "st"
    	as the state to examine.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 20feb53e601cc84bf1a4c48b1093201a26922fcf
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Aug 11 13:39:15 2006 -0400

    log the IV that was used if the payload was malformed.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 989817e5940dd0fc261dd975935d54cc8c14f039
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Aug 11 13:38:02 2006 -0400

    	do not wait for adns child when shutting down,
    	just clean it up, if possible, and then kill it
    	if the wait failed.
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 14d777fe6b2aca49dcdf5e7d30463ffb90fa2b2d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Aug 10 10:16:11 2006 -0400

    Here's a patch to fix pluto's use of SIOCGIFCONF for when the buffer size
    cannot hold all the interfaces configured on a system.  Not sure what
    the actual limit is,  but it fails on a system with 2000+
    
    This is against OpenSwan 2.4.6,  but should apply to most versions I suspect,
    
    Signed-off-by: David McCullough <david.mccullough at securecomputing.com>
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit cd529f9b9a32324f8f4d6217f6cfb741ca1b3614
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Aug 10 10:14:37 2006 -0400

      fixed test case
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit b736c86c66efe35d2cbde29b2cfc17917e3b756d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Aug 10 10:11:53 2006 -0400

       AES has 128 bit IV
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 1d74749cb0e13e70564d4dcbac1abd06921e58e6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Aug 9 20:50:36 2006 -0400

      updated test case
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 2cde1461e2975dfaa3a146521087cf0194c3fcce
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Aug 9 20:41:46 2006 -0400

      updated test case
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 08d50334736c1c8c4bcf9a2538f6a49b994ed39f
Merge: 2a5596b b2dd54c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Aug 9 20:38:37 2006 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit c8c635876c5dbee61f7b6f45c1858a829b349a78
Merge: cd1f664 a7c2ae0
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Wed Aug 9 10:06:02 2006 -0400

    Merge with git+ssh://vault.xelerance.com/projects/xelerance/MASTER/git-master/openswan.git/.git#public

commit a7c2ae0a53cb44a849871e77d1651cbc71f389db
Merge: 7ae02fb b2dd54c
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Tue Aug 8 18:18:14 2006 -0400

    Merge with git+ssh://vault.xelerance.com/projects/xelerance/MASTER/git-master/openswan.git/.git#public

commit cd1f664b188c1646864d872a31833c536099ad6f
Merge: 37685a3 b2dd54c
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Tue Aug 8 18:08:56 2006 -0400

    Merge with git+ssh://vault.xelerance.com/projects/xelerance/MASTER/git-master/openswan.git/.git#public

commit 2a5596b004a35e985a5f079e49f8537ff4123e8e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Aug 7 19:44:02 2006 -0400

    added back CONFIG_KLIPS_AH, as the tests require it.

commit e8855adff4d7b6983602b678f1df65fa18702005
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Aug 7 18:21:36 2006 -0400

      added description files and updated tests to be script-only
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 726bc6a132842cff2829f4d293e7bc52e0096575
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Aug 7 18:20:51 2006 -0400

      added description files and updated test to be script-only
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7ae02fb27e57212334ce4ea79982daf50d8df760
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 7 11:45:13 2006 -0400

    Added AH support as west-ah-icmp-01 and 02 were failing.

commit ea22948dc3b5e28516ef05bbf1513d37a978f7d3
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Mon Aug 7 09:13:04 2006 -0400

    Cleaned up tests east-reject-01 and west-none-02

commit b2dd54c751403f68940abb14b602eb07c6c83b87
Author: Bart Trojanowski <bart at jukie.net>
Date:   Sat Aug 5 21:44:18 2006 -0400

    Fix the original fix for usage of the new skb_linearize() function.

commit 630cc2dede6f045e64f98ce9f957111ecc4c6d89
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Aug 5 18:56:57 2006 -0400

    AES has a 128 bit IV.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 6931065843f0c41b194f2300deb46efb2de7023d
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Sat Aug 5 09:42:51 2006 -0400

    Cleaned expected output

commit 4a2fc571d628078ab17c2e0ea68661ea9634e656
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Sat Aug 5 09:21:10 2006 -0400

    Cleaned some tests.

commit 0f6df7ac8f617f9b9c66fc0fc9af8442795bc612
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Aug 3 21:19:29 2006 -0400

       remove spurious debugging
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit dc5a0c988f39d772d31876d15f2c894e71def3cc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Aug 3 21:17:45 2006 -0400

    east-icmp-01 test case revealed that the refcount was too high, and that the ref
    was not getting initialized at all. There was no call to ipsec_sa_intern(), and
    there was a missing ipsec_sa_put().
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 37685a35e6b88bed567f7893c35faf5ede2d2d91
Merge: fe08351 794627f
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Thu Aug 3 12:51:59 2006 -0400

    Merge with git+ssh://vault.xelerance.com/projects/xelerance/MASTER/git-master/openswan.git/.git#public

commit 794627f44989d1906630d4df0c3e5567e709120e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Aug 2 19:40:35 2006 -0400

    log the long term secret when DBG_CRYPT is set. This is needed to be able to
    independently confirm that the calculations are correct.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 05e2ed824edcde82b4c3a375cd09d7e143913d15
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Aug 2 19:39:46 2006 -0400

    added a second missing refactored file
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8b871ea0d082b8b95f2200c68110d786d44cbeb8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Aug 2 19:35:54 2006 -0400

    added missing refactored file hmac.c
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 9b949c0d9100a2a4a6a9fc1fbb14b37f5f008eac
Merge: 2594cc3 df059a5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Aug 2 17:11:29 2006 -0400

    Merge in all unit test changes.

commit 2594cc3a14eaa87ad4ab36be905a5124d9d5fc71
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Aug 2 17:10:25 2006 -0400

    updated copyright note
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit df059a502454db8bb0014b94f271093fa95ca364
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Aug 2 17:10:00 2006 -0400

       moved some code around to let unit tests include just enough code
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit adae57e0b085edbd19b2d57db3a9151a7751d04e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Aug 2 17:07:38 2006 -0400

    added random documentation files that were missing before
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e94ae6985f7fa750ec3c3b62f873e7987208ba12
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Aug 2 16:57:42 2006 -0400

       make sure to evaluate the variables that come from the config file
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 93a0e99e3c4e3cf5e9b3f29aa37d4b4632aa3f43
Merge: 85a50e9 dcdc976
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Aug 2 16:41:18 2006 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit 85a50e96a8542810ede23493f238fefb7c42180d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Aug 2 16:40:32 2006 -0400

       test cases for cryptographic IKE routines
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ec08f9f5096bbba392af60a15961b112a6ddbaeb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Aug 2 16:39:40 2006 -0400

    added unittests
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit dcdc9760cd6273cfc2fd441f69ac599e60a9dd77
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Aug 2 13:39:43 2006 -0400

    Back-ported reference counting from klipsng to public.
    
    The SA API exposes an ipsec_sa_put() to release a reference on an ipsec_sa
    structure.  This function decrements a usage counter and if ZERO it cleans
    up the object.

commit ea9ead3e33b217f4f3fdd70ab2d0f865705ca9c0
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Aug 2 13:27:11 2006 -0400

    added cscope target to Makefile.top

commit 033800bbebdee44b129a162797f361119d7482ae
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Aug 2 13:03:37 2006 -0400

    First compilable public key test case.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f745b7a3cb8e16d5ad433b56b4eac894a1186b07
Merge: 38fbb1a 308641c
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Aug 2 08:57:41 2006 -0400

    Merge branch 'public' into my-public

commit 80a5ae8ce297a648bcf3bb25d602312a584ce85a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Aug 1 08:42:00 2006 -0400

    Split off hmac routines into a separate file so that unit tests can link against
    them.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 308641cc90c5f069d36cfa1bc6333b9d1f32e46d
Merge: 0169f2d d8a7b56
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jul 29 23:49:11 2006 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit 0169f2da97547d49813b270d11872476a3484bf6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jul 29 23:47:09 2006 -0400

    turn on yydebug if verbose is given three times.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f0207bf65fd045ce78be602ec19d1908e18a39a3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jul 29 23:39:59 2006 -0400

    fix for aggrmode=yes problem --- this affects any type which is normally no,
    which is an invertbool.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit f78285d91061c10591d4b520784061ef8cd04d00
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jul 29 23:38:25 2006 -0400

       sanitize local tree
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5ab7a3cb209e86a58d69ca8b1db7b75637258606
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jul 29 23:36:33 2006 -0400

    test case for aggrmode=yes situation (found from pluto-aggr-01)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 28fdc96d4bd56892f95e99617b37d1b9e0d3d2ae
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jul 29 23:34:47 2006 -0400

    Converted to unittest (this case depends upon mast configuration)
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 125b531783eb179426884e9a6a69eefd8ec79190
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jul 29 21:15:14 2006 -0400

    Converted readwriteconf-02 to unittest.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit d5b8d10995181771dd578d5aa647686ac3208afe
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jul 29 21:08:41 2006 -0400

    Converted readwriteconf-01 to unittest
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit e8184e2bd67cf2996add8d54cb407bc8eba49685
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jul 29 21:08:19 2006 -0400

    Created new test scenario --- unittest. See docs/HACKING/UnitTestParameters.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit bad1685cbd11f28c4d98da2ebc3acff9df6293e9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jul 29 20:27:04 2006 -0400

    Move makecheck documentation to EmacsWiki flat files.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 38fbb1a96ac0adfea901f652a6808031f7d96859
Author: Paul Wouters <paul at xelerance.com>
Date:   Sat Jul 29 16:43:19 2006 -0400

    Use new 2.6.18 skb_linearize function, which takes one argument.
    
    This is a port from CVS, original commit by Paul Wouters <paul at xelerance.com>
    His comments:
    
            Added HAVE_NEW_SKB_LINEARIZE for 2.6.18+ kernels where skb_linearize
            only takes 1 argument.
    
            Added check for new version of skb_linearize that only takes 1 argument,
            for 2.6.18+ kernels.
    
    Signed-off-by: Bart Trojanowski <bart at jukie.net>

commit d8a7b56600bb0c2e149add3df89624b6ce571dfd
Merge: 0698f0f d44e30b
Author: Bart Trojanowski <bart at jukie.net>
Date:   Sat Jul 29 00:06:33 2006 -0400

    Merge branch 'master' into public

commit 0698f0f77a5f417a6fd33bdbece67f5b4cd2ce28
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Jul 28 21:53:24 2006 -0400

    Convert all MODULE_PARM to module_param maintaining compatibility.
    
    This changeset supports MODULE_PARM api, but uses it only if module_param is
    not present.

commit 73abf167d9d4157c79038aeedf0e64ace1be0ceb
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Jul 14 16:33:41 2006 -0400

    This fixes a NATT+ESP bug in rcv path.
    
    We only want to test NATT policy on the ESP packet.  Doing so on the
    bundled SA breaks because the next layer does not know anything about
    NATT.
    
    Fix just puts an if(proto == IPPROTO_ESP) around the NATT policy check.

commit 8c672b471c92da2f4d9592503a6fcea5cbd1e9c5
Author: Bart Trojanowski <bart at jukie.net>
Date:   Fri Jul 28 21:37:23 2006 -0400

    Reduce stack usage by allocating ixs and irs structures.
    
    Prior to this change, on i386, ipsec_tunnel_start_xmit() consumed 856 bytes
    of stack, while ipsec_rcv() used 324 bytes of stack.
    
    Receive and transmit paths will now allocate the state buffer from two
    kmem_cache allocators, respectively, instead of chewing up stack space.
    
    Some additional cleanup was done to error handling in ipsec_klips_init().

commit debf6f03a62037b26a02c6b5ceb3d3d2769962b0
Author: Bart Trojanowski <bart at jukie.net>
Date:   Thu Jul 6 16:11:16 2006 -0400

    Fix a 64bit bug in KLIPS compression code.
    
    A pointer difference was being cast to an unsigned int by passing it to
    skb_put(), which made it into a very large positive offset and resulted
    in an OOPS.  skb_put() does not work with negative offsets, so we use
    skb_trim() in those instances.

commit dec1a75fa6fa4117a5d11d5f73487cc83934eb74
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Jul 28 15:54:14 2006 -0400

    removed CVS ID/Log information from functions.sh
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 76100fb589783f3814ff128a941919badb45cf0b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Jul 28 15:49:36 2006 -0400

    updated readwrite configuration unit test to have sanitization
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit ce2cea893f7cea6429b8fbc2703edc7d1809b8d3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Jul 28 15:26:49 2006 -0400

    From: "Matthias Haas" <mh at pompase.net>
    Date: Thu, 18 May 2006 16:41:52 +0200 (CEST)
    
    I adapted Mathieu Lafons (at open-source.arkoon.net) patch to openswan 1.0
    for openswan 2.4.5, to allow rsa and pak authentication for roadwarriors
    (with dyn ips). This patch is at a level to say it works for me :-). any
    further tests and comments are welcome.
    This patch does not resolve the limitation that all roadwarriors share the
    same psk, but you can have roadwarriors that do rsa based auth and
    roadwarriors using psk.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 5d52fb02b597732d1f311eb706429b69335725ed
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jul 27 10:02:47 2006 -0400

     do not turn on tcpdump option by default
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 58a00a7d2efaab47e4312ddc1c0305287fc5fa49
Author: Openswan Build <build at gimli.(none)>
Date:   Thu Jul 27 10:01:37 2006 -0400

      updated dependencies
    
    Signed-off-by: Openswan Build <build at gimli.(none)>

commit 61aa4f1f4661c8598460637816624c8ea880971e
Author: Openswan Build <build at gimli.(none)>
Date:   Thu Jul 27 09:38:46 2006 -0400

    adjusted srcdir in pluto test cases --- it needs to be set for unit tests,
    but not for pluto tests
    
    Signed-off-by: Openswan Build <build at gimli.(none)>

commit d44e30b649943f2a158118cee97467980ebd2dc7
Author: Bart Trojanowski <bart at jukie.net>
Date:   Wed Jul 26 15:41:56 2006 -0400

    Added pluto support for --debug-x509 command line parsing.
    
    It was being generated by addconn/realsetup/plutorun, but never parsed by pluto.
    As a result pluto would die if plutodebug was set to "all" in ipsec.conf.

commit d56a86a81d784396cf2f0543e02440badc0bfac9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Jul 21 16:43:21 2006 -0400

    make sure to check return code from addconn.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 8d5be23744ba3a1789f43a2de329f814509d8b1b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Jul 21 16:04:20 2006 -0400

    make sure that errors go to stderr
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit fe08351ff3363b8d682a4fa3291ef38cf43fb8be
Merge: 7c0a242 c6d63ad
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Fri Jul 21 05:50:13 2006 -0400

    Merge with git+ssh://vault.xelerance.com/projects/xelerance/MASTER/git-master/openswan.git/.git#public

commit c6d63ad8832825e2b9343f09db0c1f622346727d
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Jul 20 22:08:19 2006 -0400

    Don't call klipinterface() twice

commit 66894410119993c4ac288d88e4a47449ad4389a9
Merge: 42cbba6 e2c32f0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jul 20 18:17:39 2006 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit 42cbba6f7d0e167103d176beab1c9eca85553c83
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jul 20 18:09:06 2006 -0400

      make sure to initialize all protostack variables to false
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 7c0a242d880fb9177d1110993a6d5e3618c7ebd4
Merge: 31c15d2 e2c32f0
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Thu Jul 20 13:01:44 2006 -0400

    Merge with git+ssh://vault.xelerance.com/projects/xelerance/MASTER/git-master/openswan.git/.git#public

commit e2c32f0838ffe4e8365a804352700642aee99bc2
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Jul 20 12:48:32 2006 -0400

    Adjust KNCF_ -> KBF_ for AGGR/XAUTH/MODECONFIG directives

commit 0a92eb3037639c53ff535e083d98f00fc12cb6b9
Merge: e5e9cca 5539298
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Jul 20 12:44:16 2006 -0400

    Merge with git+ssh://vault/xelerance/MASTER/git-master/openswan.git#public

commit e5e9ccae933e732dc797a895b32de498b739bbfa
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Jul 20 12:42:55 2006 -0400

    Put AGGRMODE, XAUTH and MODECONFIG config directives as booleans,
    not numerics

commit 31c15d25d0290c20735aa8c8d3fcff2d9ae4e6b8
Merge: 743cf65 5539298
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Thu Jul 20 08:49:13 2006 -0400

    Merge with git+ssh://vault.xelerance.com/projects/xelerance/MASTER/git-master/openswan.git/.git#public

commit 5539298c12ffc1d56bfafa60838befea8061ad8d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jul 19 18:28:20 2006 -0400

    Pull up various patches from 2.4.6 branch (CVS) and from KLIPSNG (saref updates).
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 743cf650ce315cb521ce6ea183e945b7c9b033a6
Author: Patrick Naubert <patrickn at xelerance.com>
Date:   Sat Jul 15 10:27:42 2006 -0400

    Added CONFIG_MCONSOLE_EXEC and CONFIG_DEVFS_DEBUG

commit 8dad326f557ff6deb8471346150f2c58867bcd22
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jul 4 15:00:33 2006 -0400

    Make the library doinstall: deal with having no man dir or manuals
    to install.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 651800aff51607eca0d92fdac048b10381e40324
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jul 4 14:34:26 2006 -0400

    Add -DKLIPS to CFLAGS, since some .h files now need it.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit 3f5a3f7fa46f781e2f4efc6b463116cf40d2d42e
Merge: 7afdd6e 7e30f80
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jun 15 15:15:56 2006 -0400

    Merge with git+ssh://build@gimli.sandelman.ca/btmp/build/HEAD/2006_06_15/openswan-2

commit 7e30f8005d97e43b72feb6af82ea7db0583bbffa
Author: Openswan Build <build at gimli.(none)>
Date:   Thu Jun 15 15:15:06 2006 -0400

    add /sbin and /usr/sbin to $PATH to get mkcramfs.

commit 7afdd6e540133fb5fc1947c323959e3d0bb77239
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jun 15 15:00:12 2006 -0400

       adjustments to make merged #public tree compile on FreeBSD

commit 77153af2dfe272522f5917e0ecf2caf7fca4e42f
Merge: f37792a 5ede68c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jun 15 11:43:32 2006 -0400

    Merge with /mara6/openswan/public.git

commit 5ede68cfafec2e77d465e3fe9c0f4352a458d576
Author: Openswan Build <build at gimli.(none)>
Date:   Wed Jun 14 11:25:51 2006 -0400

    updated kernel configurations for 2.6.16.18 and updated script to use
    CONFIG_* not set.

commit fc4115766a421e894663f370a5b58bec9f9045ff
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jun 14 10:06:45 2006 -0400

    process west-console with wilog. to deal with "tunnel mode" addition

commit 2d6c579c2db5b09e3cb433de2146b3e239dbbc85
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jun 14 09:12:01 2006 -0400

    added parameter to kernel driver to indicate overlapping IPs are permitted
    use this and the overlapip=yes/no (POLICY_OVERLAPIP) to decide if a
    virtual IP is allowed to overlap the subnet of another connection or not
    (cherry picked from 9d74ceb531ac8ec832cb76479930799b7bf8e965 commit)

commit 5807083485e65e9c425e4d62e0a51de3c4bdd204
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 9 14:46:18 2005 -0500

    move definition of CONN_BUF_LEN to connections.h and prototype format_connection().
    (cherry picked from 888368fa18f97db6808575308b42cd2ebd959b3d commit)

commit 7de4ac99ab7db593a27e2e6222c9de293aa4d5e4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 28 00:19:38 2005 -0500

    when examining virtual IP connection definitions, provide a bit smarter
    logging as to what is going on, and with debugging, why each match test
    has failed
    (cherry picked from 5659dc92ead9b6fd5babdecd3070f2cd9efea20e commit)

commit ffbd333035a56a3c493ccca6fd21410c54bdc7b9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jun 14 09:01:45 2006 -0400

    adjusted build process to permit mast code to not be built, and just
    benignly hangout with the KLIPS code.

commit ce47a2fcc88ea282abd17e40f8866da6dd434f7d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jun 14 08:36:41 2006 -0400

    added new per-conn policy: overlapip, permitting subnet=vhost: to have
    IP addresses that overlap
    (cherry picked from e893af90aa0201fa0b3e3ddba5843f899463fbf5 commit)

commit 7f7e7347b067e67b6ef5725c07269651792480d6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jun 14 08:34:32 2006 -0400

    this includes much refactoring of kernel_pfkey.c code into mast vs klips
    functions. The kernel.c add_sa code now looks at the ref/refhim arguments
    to the kernel_sa, making sure to install outgoing SA before incoming SA
    so that we can refer to outgoing SA as the refhim.
    kernel_mast.c now locates a useful mastXXX device, creating only one
    if we need it
    (cherry picked from f77d044ab9506498d71b266e4495717f677da4d6 commit)

commit e02c5f56043fb91bd4c0c53b588ae886c0fbfac7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 21 10:43:29 2006 -0500

    refactor do_command_linux -> klips_do_command() with new common
    functions
    (cherry picked from 38d33f6138d0f507ea044b5a76614ed2f25c6ab0 commit)

commit dc3ffec8b525ce08e1850d19c8bde4e58c8421d2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jun 14 08:32:36 2006 -0400

    refactored do_command into invoke_command and into fmt_common_shell_out
    and added $PLUTO_STACK, $PLUTO_MY_REF and $PLUTO_PEER_REF.
    Changed PLUTO_VERSION to 2.0
    (cherry picked from 5135e554bf63c81c6254ee25ae45148666426d7b commit)

commit 65f2b7554596697e7c44ddf009596239f64ddc9a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jun 14 08:24:23 2006 -0400

    include new option to turn MAST options on/off.

commit 6a8df4207a5ae4ead568cf925d99973e4c641742
Merge: e9f7fa2 fff8b0b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jun 14 08:14:45 2006 -0400

    Merge with /mara6/openswan/public.git

commit e9f7fa22c42c211280ca5017c6005861136708b2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jun 14 08:11:25 2006 -0400

    make sure to include packet.h

commit 181e77b13fad3d2446379cd6622a94ed98bd9e5c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jun 14 08:11:06 2006 -0400

    make interface to iface processing code.

commit 0dd2fc2ddaddf5d425cd5037bcac2dc1efce6a7a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jun 14 08:10:26 2006 -0400

    move find_ifaces to stack dependant code.

commit 9ef5eb6b9ccf551e5c7588cbe0c981ccfc237017
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jun 14 08:00:16 2006 -0400

       SADB->K_SADB

commit 7170babc147293c0eb54e53e798ff16df12c6da6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jun 14 07:59:38 2006 -0400

       SADB->K_SADB

commit b67ac4dc614c842f60dc9bb04953b9d1cb7ac2ba
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jun 14 07:56:56 2006 -0400

       SADB->K_SADB

commit ecdc949d658207b9ba1fcb0c9848545451d63e4c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jun 14 07:55:16 2006 -0400

    move find interface to system dependant code.

commit 825fa9b9bfd1c1545fb84e9c96a32735c23f2555
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jun 14 07:54:56 2006 -0400

    add support for discovering if mast devices are in use.

commit 49d2f37667dd0435f6730625b8d99ef0d133f710
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jun 14 07:49:30 2006 -0400

    added "mast" (klipsng) protocol stack support (clone of klips for now)
    (cherry picked from 06e3f1a06fde9c5aa9e83a4368a122f4c0fc863a commit)

commit 41ff9c32215d0e270b064f813cfc1bc0c10f17f3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 13 20:29:46 2006 -0500

    added --use-mast option to documentation and option processing
    (cherry picked from 03a2a01523a6385e9f9517b9a1b964108a14bb36 commit)

commit 5489ad887ab5c94254d425425d30487a74292b6f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 13 20:29:28 2006 -0500

    refactor kernel_pfkey into kernel_klips.c/kernel_pfkey
    (cherry picked from 19ea67948edc9ca07651472cf0c566111f1b3489 commit)

commit fff8b0b22ce16b7f51342bd7949b32836602706a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 18:35:50 2006 -0400

      removed inappropriate comment

commit 21052832f10abb4f1696c3ce5b010f34f0f99271
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 17:28:19 2006 -0400

    added target to create .8 file from .8.xml

commit 2a0cfde9cc54358cb9db60c38393513783bfbe10
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 17:28:04 2006 -0400

    adjustments to use K_ values for certain trivial things that have become
    enums, in advance of full pfkeyv2.h merge

commit 40908a0c89ba300586e5f96f3222cb496cb0f0fe
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 17:09:40 2006 -0400

    added nroff version of man page

commit 4b5cbeff68bfc6caf53c061c45508eadcf30ae8c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 16:59:59 2006 -0400

    adjustments to source tree to pull in some klipsng refactoring/renaming
    to permit it to compile --- it does not use xfrm/pfkeyv2.h yet.

commit c35863f902664fad1305d0114ebf57337a2397f1
Merge: da26652 f31b179
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 16:30:15 2006 -0400

    Merge with /mara6/openswan/public.git

commit da2665258419af8feaeceae072adc1e826ebb204
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed May 24 18:01:40 2006 -0400

    Improvements to configuration reader to deal with "config setup" section
    reading and writing. Writing is more than a debug tool --- it is used
    by addconn to generate environment variables for use by "_plutorun".
    
    These patches permit mast-pluto-01 to run.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>
    (cherry picked from 2bb4c5694e4b99f4a869a6b7db03724060feb3f3 commit)

commit e5dda6b0d2f2d4722eea04c5be0652798f9dc950
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 16:00:32 2006 -0400

     removed duplicated pfkey_sock.c

commit b322fa65ed2e9bc68825d8cf137eb42ce37d9a0f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue May 23 10:56:47 2006 -0400

    added missing pfkey_error.c and pfkey_sock.c
    (cherry picked from aea68134de3e226e2417b513f21836a59995ca8a commit)

commit 164238c80c1253cb6c556a52f59d35dffcc657dc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 15:58:43 2006 -0400

    pluto doclifted to XML
    (cherry picked from ac4c957917469bc0069909d05d1c083244c182d7 commit)

commit c21e2751a08c4d46d406b268881190f413b12c07
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 16 17:11:53 2006 -0500

    added notes about how MAST works
    (cherry picked from c48e1eeaee05b038b5f2766c83f3527c170b57e5 commit)

commit 24a2b8b760b075886763c9b4b6fd78e434454675
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 13 13:55:19 2006 -0500

    minor reformat of comments.
    (cherry picked from c05760d5b8ac010793da0c14b790f2c23c2051a0 commit)

commit 923850839564686e83616c1c1039b353ea38e4ca
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 13 13:54:32 2006 -0500

    removed extraneous blank lines in log file --- moved to server()
    (cherry picked from d376c9188a2010478a090db43c2d43e9cd8cc602 commit)

commit 0f1804d5c2de524655de47543bdf37b5f0ba588c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 6 16:54:13 2006 -0500

    use st_localport/st_remoteport rather than md->sender
    (cherry picked from d7bc7e7b98fa6b967df9a87e7ce5c5e015e92c26 commit)

commit 5e688b98396b42ae7e3c25d350afd63af474e5aa
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 6 16:53:18 2006 -0500

    change word "fat" in log message --- it made no sense
    (cherry picked from fa97f6500c24366cfd10100e445fe7fa14919954 commit)

commit cc42c621d58615f008825ff24d162479a95b4752
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 6 16:52:54 2006 -0500

    move location of timestamp to after blank line
    (cherry picked from 674e97f38e3ade3c1ba1f3dc4f02b4c7b4f4294f commit)

commit 5ed3ab39b9b8c7f9bf3314655be32815b0d3d0fa
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 15:53:40 2006 -0400

        try swapping order of NATD payloads

commit 77cb1a4bc859c877ed1137b42d87fef6d30c80fd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 15:53:16 2006 -0400

    refactor so that swapping order of NAT-D is easy

commit 32c2ce756e6fd9bb907198714ee3426fc22e32f2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 15:52:51 2006 -0400

    send two NAT-OA during quick mode

commit 0db41fc73ca2582427c04ac527028fded1935056
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Mar 3 11:38:47 2006 -0500

    when logging to stderr, put a datestamp on it
    (cherry picked from be0cada17063bcb2149bbb35c81887ef0befb2ea commit)

commit a528541bbf59b8003de21847e2168c96c3a5f70e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Mar 3 11:38:16 2006 -0500

    add second NAT-OA payload
    (cherry picked from 2187586ddff1906bf48aaf75e31ceb32cf215669 commit)

commit c26ff90305a8a43a143d1da7baa444f30c9cc57d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 2 23:20:10 2006 -0500

    log which state is used to send a packet
    (cherry picked from 458b3a29abe1cf7c22f0f33383729f6286d86873 commit)

commit 26b9a52b512f40b487ae63760e8763ab3ded46b7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 15:51:06 2006 -0400

    [PATCH] [PATCH] make sure that extension string array is properly filled in
    (cherry picked from 6530e77edff99558a7b1fca90496bd7bfed640df commit)

commit dc0fd7fb8738ff1234fcfb63cd459964e965237a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 15:50:22 2006 -0400

    adjust roadlocal/hostlocal to not use $1, since they get sourced.
    (cherry picked from ae576f9e03e06ad46e2ea4bf427d1f50607e477a commit)

commit 6b0a4aae5c1868475c249e1bf826717b8ff2ccde
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 21:07:48 2006 -0500

    added overlapip.xml
    ipsec.conf.5.xml is now generated
    (cherry picked from 156ea380dfcb91fd1e702f99571069cba4228931 commit)

commit 7cefee70d2bb76880bd87635979c3dafb82e163c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 19:59:08 2006 -0500

    split up ipsec.conf.xml.5 into parts. some more splitting is required
    (cherry picked from 280e5d5aad0bc367df6ff5065514f9a7ce9535db commit)
    (cherry picked from 45c22d3f594fcb73759bf5f25cd1448bc47dd5d2 commit)

commit 8dbd9a11ba92d5514c05e847e0d667914c59ae8a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 15:48:19 2006 -0400

    split up ipsec.conf.5.xml into pieces, so that they are more easily
    maintained
    (cherry picked from 9a6826fe81593698723e5e705f2d4cb63ac0c814 commit)
    (cherry picked from fe467486f58451656226d9dfcfd1001d0254d8a2 commit)

commit 497978f21602c2980dc49df6a44d88fd9f7d4bb3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 16:58:29 2006 -0500

    refactor roadlocal code to make hostlocal.sh
    (cherry picked from 0076c6086dc44fff7dd4750c547c59890844e544 commit)

commit c4dbef8dfb09be20e3b5b4c2c3ee9e57519f9eea
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 08:34:56 2006 -0500

    added redocon.sh evaluation of other console outputs
    (cherry picked from 0218850184f0eefcfcbba336c6c6edd124f754dc commit)

commit f6dd4544b979ad7aa942d5fe16ab4ab62b7fd640
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 22 16:09:57 2006 -0500

    in barf output, remove _updown scripts --- few people edit them, so
    why repeat it.
    (cherry picked from 940d72e6fc5d2abed71c6cd311105a7291130d63 commit)

commit bb730c030fa77218c65beb2f5e2afb4f29ac70ac
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 15:44:57 2006 -0400

    some fixes to start up scripts to make KLIPS the default, and to
    permit KLIPS to work with new _updown interface
    (cherry picked from 65488bdb22e77c4006c1ab37931938bd93f78d27 commit)

commit 1395b9a464393fffb4fbf0f767051b276822b0cc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 15:42:54 2006 -0400

    adjust localswitches to include private and east networks for playback
    new "newswitch" has --arpreply support, so we don't need to duplicate that test
    (cherry picked from 628479296259b4e8c2a25999e043e7a30c43089e commit)

commit 6851d0fb5167f55cab8aa5e483c2a4dacf2a1beb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 15:41:55 2006 -0400

    Added support for 2.* versions of Pluto devices.

commit e296328faf746cf5b73954c08f0d9154e92126b3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 15:41:38 2006 -0400

    use proper arguments to "newswitch" command

commit 7be79caafbc0c42503b3cd70e7135d3ea7aac0e9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 20 23:13:25 2006 -0500

    set ARPREPLY properly
    (cherry picked from 06b910dbc7c942982e24ce45533583a65e2809fa commit)

commit fc1a7054367829899f099c00f220ec4f1241e622
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 20 12:33:47 2006 -0500

    added man pages for _updown.klips
    (cherry picked from 43f84429f27ca4b8617e0c71b96bbbd48b8360a1 commit)

commit 64a7c41a76e635437911a8944ea6850e016f237f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Feb 18 22:30:18 2006 -0500

    renamed _updown to _updown.klips and added _updown.mast.
    Then changed _updown to call appropriate routine based upon ${PLUTO_STACK}
    Changed PLUTO_VERSION (interface version) to 2.0.
    (cherry picked from 1f8298e57d31be0d30631e0507d646a29d890c9e commit)

commit d971d2466cc7a5062fb8df69aa1363bc711f36a9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Feb 17 15:26:47 2006 -0500

    only add --tcpdump if $NETJIGDUMP is actually set to a non-zero value
    (cherry picked from 116df13a410a015c81622ed45447315b22bc9b51 commit)

commit 10cb8992293d00383518a7233be4f02064eb9071
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 15:38:24 2006 -0400

    refactored uml_netjig startup code into netjig.tcl
    enable --tcpdump option if environment variable
    (cherry picked from cbb2341c4fd4488eaec04ac4d7bd23081b12f890 commit)

commit f31b179b15fa30bf01c65e56371bf4f37898a68b
Merge: c6855d1 935dbfa
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 15:32:20 2006 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit d2dafad60ebd8ddb861d388e3dd3e03b944bd0d3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 13 19:52:46 2006 -0500

    if NETDISSECT isn't available, then just hexdump the packets
    (cherry picked from 4be98660cedb27cdbad0d89adee2d733f641338c commit)

commit 05533d94acd0db85f387c9a237085e360e3b56bf
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 13 19:52:29 2006 -0500

    pluto now logs if it is tunnel mode or transport mode, deal with difference
    (cherry picked from c28a43186012af034da20cf67e46203c617278d6 commit)

commit f7914976d3990b9549a50db5fb6a57bfea7aa2ff
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Feb 12 12:22:15 2006 -0500

    remove check for include/openswan.h
    (cherry picked from 5597f49403b64586e7ea9b640f67887fef4c5c29 commit)

commit 42b0dec8beb3dfc11ea5223077f8d4856e239b76
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 10:40:10 2006 -0400

    test case for spigrp and fix for SADB->K_SADB
    (cherry picked from 613892600a8a41b5c68af124bcb48c851990b47a commit)

commit e557597f611d19ee8d9a4d00e9742d85f5dfea8f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 6 20:00:53 2006 -0500

    generated ipsec_conf.5 from ipsec_conf.5.xml
    (cherry picked from 75a6fcaeda3bc67fbe396a8346842ca864ffd038 commit)

commit b5ec36315267ca2b123e5c53215b6826738479aa
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 6 20:00:35 2006 -0500

    add BUILD_MODULES option
    (cherry picked from 817fa2ffc8ac78195b15a36c6c83920119d8e8b7 commit)

commit 8bfd41397b97fab209e4d0d7bac89e9d7a4af2eb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 08:53:45 2006 -0400

    enable building showpolicy again
    (cherry picked from d2499d0ae40e774bf3ed79fa46ed5ddd195a116c commit)

commit e59f64daafc1c957f51aed7345c7f36ffda59057
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 08:50:53 2006 -0400

    use progname instead of program_name
    (cherry picked from ebd4ae16873971350a0b5ec4925af8bd0b073af9 commit)

commit 776999f1dbf16179e31440e59a95826e798cc07b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Feb 3 21:30:09 2006 -0500

    adjusted prototypes to match printf()
    (cherry picked from a837ae45340aeff9ce242b9fd96f5649d5bdbec2 commit)
    (cherry picked from ee3cb2e3bd41cd047faca9b4f3e375ec64d1a59e commit)

commit 0a0ae3884a5a017eef67403d864d63b419aabb0c
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Fri Feb 3 21:31:04 2006 -0500

    added 2.6 pfkeyv2.h file to tree
    (cherry picked from b5f85bd11e2527565a74fe56df92f57b1cc27856 commit)
    (cherry picked from b4264acca220e58914fa7ced8949b656c275ac5a commit)

commit 1e9c9bab781c814a0f4516979892bb9c6a900b3d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 08:36:23 2006 -0400

       XML version of man page
    (cherry picked from c9ee7fbca4ed54e0882092c1214437d9cf25d785 commit)

commit afcc730cc55013c81c47b575499d69c302e06109
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 23 12:13:14 2006 -0500

    refactored to use pfkey_open_sock_with_error() from pfkey_help.h
    (cherry picked from 3af50017dab88d2c657eeb078b01914a387c8db6 commit)

commit 57ac0e79fbfa4ebc5b1e0e9b1175630543286794
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 23 12:10:24 2006 -0500

    make sure to initialize pfkey error logging routines
    (cherry picked from 3e12cf5f80b0b26bc02e0aedf7a2d3aad7fc9593 commit)

commit 0118d154d9bec09e873ea464012dd59dd6a542c9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 08:32:09 2006 -0400

    added pfkey_help/pfkey_sock code.
    Also use KLIPSINC as variable, so we can point to running kernel
    (cherry picked from 736c8052a37fba9eb0ad70f595429a3eb91c95bf commit)

commit c6855d100fd6d1cacdcc82f3929aaba50e32f3fd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 18 16:36:14 2006 -0500

    if there is an error from uml_mconsole, ignore it
    (cherry picked from 124fa39ca2dee3fd9af7a7a3be77f6b719bd7447 commit)

commit c64575990d93f3e8b1ad38300db114d258b58de6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jun 13 08:01:26 2006 -0400

    clear up looking for arpreply
    (cherry picked from 34bfed4d0d6e9155b3b19c49b63a891e6b58ad6f commit)

commit 967190e342697cdc1ac4beb72363157540681dbb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 18 16:30:24 2006 -0500

    added additional argument to setupplay, to hold additional options that
    might be needed (localswitches uses it)
    (cherry picked from 1b346e46e35ba2baed038249e3e14d470bcab5e4 commit)

commit 128275a5ca841ade7f94076da6de303bc04aa025
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 18 16:28:28 2006 -0500

    when using ontick, if we run out of packets, then rewind the file and
    start again
    (cherry picked from 3ee7676866615869fdf2589208ec0656f663b045 commit)

commit 33a0cb037d61ff36d23b9d5e0c71cfc6f6d2b66a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 18 16:26:16 2006 -0500

    refactor process of exporting variables into "export_variables"
    (cherry picked from 8fcb28fe37b61f76bb110cec6c4bc7bdb63c457d commit)

commit 298fb228d2bd869eb94ea7aae293a9a5159f1de8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 18 16:24:52 2006 -0500

    localswitches should set things up to replay the packets that the test
    case specifies, using the "ontick" method
    (cherry picked from 50673526c3ab2431a8949bfbcd12a43c09f2721b commit)

commit 99475cc5d12c73713610b921babc8d5959aff4a6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 18 16:24:04 2006 -0500

    add virtual console devices to udev list
    (cherry picked from 95916b58c0e168fc54095b758d4c1d69d01f1941 commit)

commit 6fdb05e8ca55cd563978726616f4011ad93e7cf1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 18 16:23:39 2006 -0500

    split up uml testing text into more documents that are easier to maintain
    (cherry picked from 6de99d09f60faea64781a19778f925080a19d3ca commit)

commit 01fc6766b5a2da50605762f946e50b3648b82572
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 17 11:23:17 2006 -0500

    added rfc4322
    (cherry picked from c2ef0c84df2bf1d626e6a6c008a477de38415a8d commit)

commit 854481e43810e157094f53ec5984785235a45755
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 17 11:22:25 2006 -0500

    removed OE draft, now published as RFC4322.txt
    (cherry picked from e0a3e727e32d030260d7768ace2e765dabbc9b87 commit)

commit 8d82f26c993ddd7e736c0d12cf9824c49f9767af
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 25 16:37:00 2005 -0500

    move ipsec_SAtest to kunit
    (cherry picked from 40e9d842cbc3f8cbf49fb3b721bf4725e73095d8 commit)

commit df754a9251121ac7209ef2d8210e99204194a9aa
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 25 15:42:13 2005 -0500

    removed bogus file
    (cherry picked from 854476e8169f2a7d291319380682bc1e313595b4 commit)

commit 1dac80c41c541dcbba539c129549d72c7249f490
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 23 23:30:21 2005 -0500

    adjust xml man page to have spaces between "ipsec" and "klipsdebug"
    (cherry picked from 29f2155ece3af59d3ddcb8677bc55531e03e916e commit)

commit 20fec2d5b846b1e6a279219543c77fd9d119afcc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 20 23:43:34 2005 -0500

    zero natd in the case where we don't detect the peer is NAT'ed
    (cherry picked from dc921a9e6bd820ad443dc445cf44b10466f6100e commit)

commit 443d0473ca50e3bc353735065cee6344b617915a
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Dec 15 11:59:09 2005 -0500

    Only set st_natd when if we found_him (NAT_BHND_PEER)
    (cherry picked from d079a3400ccff270a5df339867023375374ff4e1 commit)
    (cherry picked from ecbe234bea4c582d19d272b3832b6615cf8e8c0e commit)

commit 9a381597e763a58e31662982bbc42302838f76aa
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 20 23:14:01 2005 -0500

    log if transport or tunnel mode is negotiated
    (cherry picked from f5c2f57352605912ff3430596fd4e329bad69d84 commit)

commit 9ac20ae6516d3cec92a8889754a774c29fdd5db4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 18 18:04:08 2005 -0500

    include /dev/ptmx in the devices that are created
    (cherry picked from 2ef6b66c587597d01f6b84325ae3d0b29ae4bf87 commit)

commit b26b4567d02757e1322e3d0e361b0696ff7c37de
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 18 18:03:56 2005 -0500

    do not copy certain files that are generated when updating openswan git
    tree from klips git tree
    (cherry picked from da3ee725be4228a5e29579a8b62f64a206c6684b commit)

commit 666c74cee52991e2d1b4b6e5daa4f44f4f9ba69b
Author: ken <ken at cyclops.toronto.xelerance.com>
Date:   Thu Dec 15 11:48:53 2005 -0500

    Fix missing '
    (cherry picked from f7bb5b28d5b66ea1ea66c2008ac1023011204abd commit)

commit ca2d5f4eafd3382798764399ccacbb396c0ff9e6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jun 12 20:21:31 2006 -0400

    This is a work-around for this in openswan, that relates to MS 818043 NAT-T
    Update. I have added code to indicate if this work around is being used.
    However, it isn't enough.
    
    What this patch attempts to do is to use the NATOA address as the
    IDcr, if the IDcr has been set to FQDN.
    (cherry picked from 34b80b9e34613df03681ca83286f87333b6b4d9f commit)

commit 4f355af0153d059fda59174636a33b3f39b8617e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jun 12 20:14:38 2006 -0400

        removed 2.5.0sbs notes

commit 2c4a210b47d4983dec9e23c7a26590d1f3a90da4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 12 21:11:05 2005 -0500

    updated changelog for 2.5.0sbs4
    (cherry picked from 5b18def7dcd6620f7dab29855ddf3b49c1229d9e commit)

commit a89fe89d8b2251d58194ece38afe5adae509f5a9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jun 12 20:09:51 2006 -0400

    repeat adjustments for Makefiles that is caused by Makefile.program updates
    (cherry picked from 34599a0afc7ad003c92803b1c68e8b7d6fd2eb5e commit)

commit b477db18c8286fd9b8d55cbec75601af1f1f710d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jun 12 20:08:59 2006 -0400

    simplify rnd.c --- remove /dev/random
    (cherry picked from ed3044e3a989538ec84f0975b785fa1a27fb9cba commit)
    (cherry picked from 68f0780b8c7ea3f0409b77ba547eb9c5d0e76a2c commit)

commit 8b7a1b62f9b134b6c7810b55ff7f2947975959e1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jun 12 20:05:59 2006 -0400

    revert to using adns with 2.5.0 for now due to 99% usage bug in lwdnsq
    (cherry picked from 9d5f7133dff2383048515471fbed28bc0f4ec44e commit)

commit ec3d6e0c99fc8cc0e13a6bdce45358f16c11b366
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jun 12 19:10:42 2006 -0400

      added more documents on debugging

commit 493f993f04a039b499ce9f03274a3e7bc3429d2b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 2 12:08:07 2005 -0500

    update current openswan tree
    (cherry picked from 45a9be5f0c27cf671527b3e46e39cb2d3b1115c1 commit)

commit c12255adc146b0111a092d89e6491b7031401dd2
Merge: 2bb4c56 9b25efc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Jun 11 14:05:17 2006 -0400

    Merge with /mara6/openswan/public.git

commit a1742cf618b0c6dd7697b16e7b30f9deba6ab901
Author: Ken Bantoft <ken at xelerance.com>
Date:   Wed Jun 7 23:13:10 2006 -0400

    Add addconn to list of installed files

commit 935dbfabc830d3590ea5d33145abf6654aa9605b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon May 29 21:17:11 2006 -0400

    the default should be to look for keys in DNS.
    Also, if we say so explicitly, we should set the value, and unset it if
    the key is provided verbatim.

commit 9b25efcbbb269e64d0b88d47e618202abb549a85
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri May 26 15:07:44 2006 -0400

    added isakmp SA# to state dump of IPsec SA output.

commit 2bb4c5694e4b99f4a869a6b7db03724060feb3f3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed May 24 18:01:40 2006 -0400

    Improvements to configuration reader to deal with "config setup" section
    reading and writing. Writing is more than a debug tool --- it is used
    by addconn to generate environment variables for use by "_plutorun".
    
    These patches permit mast-pluto-01 to run.
    
    Signed-off-by: Michael Richardson <mcr at xelerance.com>

commit aea68134de3e226e2417b513f21836a59995ca8a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue May 23 10:56:47 2006 -0400

    added missing pfkey_error.c and pfkey_sock.c

commit fe2bd24b52fff0cd90f9395b5b5d46d79bb804df
Merge: 78314d4 70fe186
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon May 22 11:31:20 2006 -0400

    Merge with l2tpd_public

commit 70fe18651f902728bcb846a255a86e146d861555
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun May 21 22:58:22 2006 -0400

    various fixes to include files to make NETLINK code compile after merge

commit dd959f0752af5680fdc612892da1886f1ec3a70d
Merge: a02b36a 70041b9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun May 21 22:39:58 2006 -0400

    Merge with /mara6/openswan/public.git

commit 70041b9ab6a0b02ef1fa384a7d8553d1bdc9202a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun May 21 13:27:26 2006 -0400

    Linux slave interfaces should only be looked at on linux.
    
    Sign-off-by: Paul Wouters <paul at xelerance.com>

commit 2be343cc1af4f04e8c2a934983f25fe16f0991d1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun May 21 13:21:14 2006 -0400

    The issue is that whack's return code will vary, based on the last message it
    received.  This is excellent for manual control, and synchronous operation.
    When whack is called with --asynchronous (as happens during 'service ipsec
    start') there is a race condition whereby the last message whack received
    might be, say '104' as above.  Since 104 isn't defined in oswlog.h, and isn't
    taken into account as a possible 'Success' message, it returns an error code.
    The error is then passed down the line where it eventually ends up on the
    '_plutoload' and is displayed to stdout/var/log/messages (not secure!) as an
    error.  Even though the tunnel ends up coming up.
    
    Solution:
    
    We need to take --async into account when we are about to exit from whack.
    
    Sign-off-by: Ken Bantoft <ken at xelerance.com>

commit 8f8bb57ad7aa1d992549a1dbf2bc20952d779e82
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun May 21 12:24:55 2006 -0400

    added network flow diagram of base stack

commit f37792a57d4c405d078339c87d3e3ef4a11b5934
Merge: 233ced9 4cbd0eb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun May 14 12:55:23 2006 -0400

    Merge with /mara6/openswan/public.git

commit 4cbd0ebe7ddc54de0b78849467bcc9540bf3b933
Merge: 311f72b 0ec24a3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat May 13 16:34:51 2006 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit 311f72bfd064bb303842372abc775d836d91b2fd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat May 13 16:34:07 2006 -0400

    first test case that interoperates NETKEY and KLIPS26

commit acb6986ffb4c799343c6214bdbdb9155db56c9d5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat May 13 16:29:21 2006 -0400

    added netlink_sag_eroute() to permit tunnel to be installed

commit 38a1776104ad690ca00a68260a4d5ccc1be8f467
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat May 13 16:16:21 2006 -0400

    added protostack keyword, and sorted out also= keyword as a conn,
    not config, keyword

commit ed0a8674aa9c4b547112c0a0eb579ce5ff84e51d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat May 13 16:15:44 2006 -0400

      added protostack and sorted out also=

commit 8eff18f1ff0a26b9cfe49ef34405c54c56518f62
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat May 13 16:15:26 2006 -0400

       added MASTKLIPS define to list

commit 0ec24a3983742b591743f65ed09be39919c7b6d3
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri May 12 22:27:49 2006 -0400

    Remove hardcoded 'cc' reference to allow crosscompiling

commit 78314d4aa13e1dacc366fd7f7f3151f68783be18
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu May 11 11:19:49 2006 -0400

    added description files

commit 409244690d34d72b7aee155f0e4c6ab2b4abd566
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu May 11 10:26:16 2006 -0400

    added missing l2tpd config file for mast-l2tp-01

commit 6414550d022ad87013dce46d379a9461383a1d91
Merge: 2fe6234 8aea5e4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed May 10 11:17:50 2006 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit 2fe6234f0b980f08d40be08db38b65b8d8e8cfc0
Merge: f482afc 59f30af
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed May 10 11:16:51 2006 -0400

    Merge with /mara6/openswan/public.git

commit f482afcdfeb41366bf8b546401924aee2e3df9b1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed May 10 11:16:32 2006 -0400

    maintain pluto man page with XML using XXE
    (cherry picked from a02b36afb8a93e24b5cebe0572a3b3a4b75d8090 commit)

commit b742f98ebd0dddeb8c78c07378d1197cdee65bec
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed May 10 11:11:31 2006 -0400

      note what RFC this file implements
    (cherry picked from 830f98d14ef1aa9cbc0f4374f83cd1239ca84692 commit)

commit b763a5ad97cda65516f12ebcb1f182d2abb5ad82
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed May 10 11:11:07 2006 -0400

      updated implemented file
    (cherry picked from b9d8e0b682ed6e6aebc9dc1bc2b6256268284733 commit)

commit a02b36afb8a93e24b5cebe0572a3b3a4b75d8090
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed May 10 11:12:24 2006 -0400

    maintain pluto man page with XML using XXE

commit 830f98d14ef1aa9cbc0f4374f83cd1239ca84692
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed May 10 11:11:31 2006 -0400

      note what RFC this file implements

commit b9d8e0b682ed6e6aebc9dc1bc2b6256268284733
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed May 10 11:11:07 2006 -0400

      updated implemented file

commit ea0bfb111f6e785f5aba4e88455dcfe0a217a37f
Merge: ac4c957 7eefad5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed May 10 11:10:39 2006 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#l2tpd

commit 8aea5e463d472d0f20301db93c093db430c9aa83
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri May 5 14:09:22 2006 -0400

    Update default 'make' message to give directions for KLIPS on 2.6

commit 040850475f2ee29a10cbcc0e4bae77976a383124
Merge: 2c0fe58 59f30af
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu May 4 23:39:22 2006 -0400

    Merge with git+ssh://vault/xelerance/MASTER/git-master/openswan.git#public

commit 59f30afd6e035bd06c9a644c30c30d205fe5156b
Merge: 4a34054 31015bd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed May 3 16:45:15 2006 -0400

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit 4a3405404ef34bfb38df958dde7e786f3b69d7eb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed May 3 16:43:12 2006 -0400

    edited notes on GDB usage to match skas0 situation

commit 233ced946dc9a3f4684a79608a4c94f83ebb331e
Merge: c7f4c12 51937ae
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Apr 27 19:17:57 2006 -0400

    Merge with git+ssh://git.openswan.org/public/scm/openswan-ocf.git

commit c7f4c12d4e4d7b3b52a871f8d0e55b4c354639d6
Author: Michael Richardson <mcr at catfish.sandelman.ca>
Date:   Thu Apr 27 19:03:18 2006 -0400

    FreeBSD port --- compiles so far

commit c2ad13c7a32d83d3087e5c9b94fa985836aaa740
Author: Michael Richardson <mcr at catfish.sandelman.ca>
Date:   Thu Apr 27 19:02:52 2006 -0400

    split up interfaces.c file into two pieces, one KLIPS specific, the
    other general Unix

commit 3bd09214a947f2c40686c9c07dcf3f8bf2d9be05
Author: Michael Richardson <mcr at catfish.sandelman.ca>
Date:   Thu Apr 27 19:01:50 2006 -0400

    use Makefile.library template

commit a027a63a6091f48c8348d74bff25a08615394bd5
Author: Michael Richardson <mcr at catfish.sandelman.ca>
Date:   Thu Apr 27 19:00:49 2006 -0400

    change make -> $(MAKE)

commit 31015bd7a1d2cd83e3e753cf7ebbc4236a26cb74
Author: Paul Wouters <paul at bofh.xelerance.com>
Date:   Thu Apr 27 11:56:21 2006 -0400

    Changed a few x509 log messages to make automatic parsing easier.

commit cb6251301ca0c21fed36df242f026533121fa283
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Apr 25 09:43:21 2006 -0400

    removed redundant files from module makefile now that kernel makefile
    does not use sub-makefiles for algorithms

commit 970fce95709900cc7c27615865a4bba63e3b58f6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Apr 25 09:35:01 2006 -0400

    has_private_rawkey() got restored from refactored code by mistake

commit 2c0fe58700581fab0a919b58ca4a74281cb5ce85
Merge: 23bfa87 039bdef
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Apr 25 06:50:20 2006 -0400

    Merge with git+ssh://vault/xelerance/MASTER/git-master/openswan.git#public

commit 51937ae8e0d5a1725c1213782abfb48b9dc2ffe6
Author: David McCullough <david_mccullough at au.securecomputing.com>
Date:   Sat Apr 22 17:04:11 2006 +1000

    Fix up the copyrights to have the GPL included as well.

commit 38137df91f48ea980932fcc7012e284294ce4da5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Apr 20 16:03:34 2006 -0400

    some KLIPS_ALG #ifdef remained --- remove them

commit 039bdeff1dd36da1e55fc190fb2787de4c27c7bd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Apr 20 15:54:52 2006 -0400

    when switching connections for a refinement, make it a proper log entry
    (cherry picked from a32474185a4763f38de2f31c2a7ebc5eda07953f commit)

commit a94528c25a5c74ef5018c5ac42faeeefb9caee32
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Apr 20 15:53:34 2006 -0400

            adjustment of ipsec_alg so that it will build statically in kernels
            that do not have LKM defined at all.
    (cherry picked from 58ba1ee3beee48662a815d1f92feb7feedf30bbd commit)

commit d4d2337b91f291337b163e2231d2f2f8b851dbe3
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Mon Nov 21 21:19:48 2005 -0500

    indicate if a public key has a private key associated with it
    (cherry picked from 98fd2eeac38a8959bd47623df94e7c6cec0fea1e commit)

commit 372dda3729ed8ed3eb6fa1f35baadee661375968
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Apr 19 13:31:01 2006 -0400

      remove extraneous quote

commit 96f48a51cd1bfce56b6783428b4929af6f2a1967
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Apr 19 13:30:11 2006 -0400

    added missing common clauses

commit d868abd38dd2b955f2d0f331a70b22668bc28a02
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Apr 19 13:21:36 2006 -0400

    added oe.conf to examples in case someone needs to override what they do

commit 2ed4ba48d90525b906d88fc3229b21bccdef6959
Merge: a91104e 1769b3d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Apr 18 20:32:38 2006 -0400

    Merge with /mara6/openswan/public.git

commit a91104e6f1684292ca70791736cb5dfe2d1e88d7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Apr 18 19:09:34 2006 -0400

    adjusted output to deal with new refhim code

commit c490e8ccb28bba672be1cca50f133ef8c86b6db2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Apr 18 19:07:22 2006 -0400

    added missing files and adjusted makefile to compile fully

commit 1769b3dc5f3a85ccc521d7a8b7395820f41ac00a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Apr 15 22:31:22 2006 -0400

    From: "Luis F. Ortiz" <lfo at polyad.org>
    via: Rene Mayrhofer <rmayr at debian.org>
    
    The structure member pcr_len is a size_t (long) and is the first member
    of the structure.  The address 0xeff34bae is NOT kosher on a SPARC for a
    long; it needs to be aligned on a long word boundary to not cause
    alignment problems.  This problem happens all the time when people port
    stuff from x86 to SPARC machines.  GDB will read it fine, but the
    program will fault trying to use the pointer.
    
    One possible solution, that should be safe for all architectures, is to
    force the alignment of the 'reqbuf' to be the same as the alignment of
    the first structure member.  Since this structure is only used for
    communication within the same machine, no other alignment issues will
    arise.
    
    Signed-Off-By: lfo at polyad.org

commit b0f3af2e28fc78476b33e7116f4c6481f25c49f7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Apr 13 17:59:23 2006 -0400

    KH_NOTSET if acceptable for nexthop setting

commit 23bfa87ac9362aeb5539c6a5a7e3903735054edd
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Apr 13 17:36:25 2006 -0400

    Ignore MOUNTING lines, since they change system to system

commit accc811911ff45a521fdafd0deaf6a5400a2bca8
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Apr 13 17:32:06 2006 -0400

    Add support for dpdaction=restart to libipsecconf - fix for dpd-06
    testcase

commit 59c283f206e7122c59c94af52fcd6761de86f253
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Apr 13 17:28:12 2006 -0400

    Add support for DBG_DPD, to fix dpd-* testcases

commit cfd2c06e95f520e5a650cc124417f1158063ec39
Author: David McCullough <david_mccullough at au.securecomputing.com>
Date:   Thu Apr 6 15:34:04 2006 +1000

    Added missing files from ocf-linux-20060331 release

commit 6c8e164f90b1df05b4578686a63fe1359e8f2db2
Merge: 4c07144 07916e3
Author: David McCullough <david_mccullough at au.securecomputing.com>
Date:   Thu Apr 6 13:03:22 2006 +1000

    Merge with http://git.openswan.org/public/scm/openswan.git#ocf

commit 07916e3143b32c244c74827b09424a7516c70b12
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Apr 5 22:31:25 2006 -0400

    enable pluto to use OPENSSL for cryptographic operations in order to
    get cryptodev offload if available

commit ab8d2d5762d5345f545e5a553b64f3fa57c39a4e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Apr 5 22:30:46 2006 -0400

    set PROGRAM properly

commit 7157cb855206caf000780b5ce3edbf79b8887da9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Apr 5 22:30:12 2006 -0400

    add warning about 1DES

commit b0fd17851579ab165206d0257a6e79fd50e3d96f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Apr 5 22:29:38 2006 -0400

    permit adns to be built with uClibc resolver

commit 96df13215ee4c60458a44c85616b7ee44fa5233d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Apr 5 22:29:09 2006 -0400

    permit ipsec.conf directory to be overridden

commit f81bf316992b3a4c5a7bf9eaae7736417de11d2a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Apr 5 22:28:35 2006 -0400

      evaluate variables a second time

commit 822b233ec5a9d37209a017ebf6a97e490b857a4c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Apr 5 22:27:37 2006 -0400

    when looking for a default route, the first one will do

commit 2093915495a99335f1003fcbc1f4290f99472251
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Apr 5 22:27:05 2006 -0400

    switch to a properly prototyped strstr() replacement

commit 1ed2fc2d2b485fec1f5dc87eef76726be0f85ed6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Apr 5 22:26:33 2006 -0400

    add options for OCF/OPENSSL and permit SBIN,LIBEXEC dirs to be overridden

commit afb8732d7a9c7eb37d09974f3ffc8061355dec55
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Apr 5 22:24:54 2006 -0400

    add option to have all configuration files, certificates, etc. in a single directory

commit 4c07144c8e3a04b68e4674e5232611e6d6bb43b8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Apr 4 00:50:42 2006 -0400

    removed all NET_21 #defines, moving the pfkey_ops to the top of the file
    (with simplified prototypes) such that it can be declared once, properly.

commit 0099b5ff65a6a3e71a3d55f6095c82d7d2f037d9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 30 12:08:35 2006 -0500

    code to actually synthesize the OE conns

commit 9c1681000e4b5cddca9d33f81663bbdbd3b07b24
Merge: a48cab3 d214557
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Thu Mar 30 01:28:22 2006 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit a48cab35b3ad2bbf9beed0321d59769670492024
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Thu Mar 30 01:27:16 2006 -0500

    finished eliminating use of _confread

commit 49bc1dc7ae9e8cb37aa38ccd10a8e5537e005579
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Thu Mar 30 01:27:06 2006 -0500

    added --listroute/--addall/--listroute options to be used by scripts

commit d56622eb3f71d3446e381774ef733a4a096c7904
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Thu Mar 30 01:26:38 2006 -0500

    added new "oe=yes/no" option to config setup.
    if this option is on, then the configuration file reader will
    synthesize the implicit OE conns if they do not exist already.

commit d66514fb146e13fbf54cbf914a49e990addf905f
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Thu Mar 30 01:25:16 2006 -0500

    adjustments to showhostkey --txt to produce correct record

commit 2fdaf931a69c967629be6f265bf866c9d4360540
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Thu Mar 30 01:24:46 2006 -0500

    change to using err_t

commit 7378e8da656f1705a412960b89d54c92a0437189
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Thu Mar 30 01:24:22 2006 -0500

    be more specific about address mis-match complaints for addconn

commit e826f59b30d2310753a965c16058ce11aac83831
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Thu Mar 30 01:23:31 2006 -0500

    make sure to initialize policies_dir

commit d214557e7ccbdf1617c12e1e8167a703e719cbfb
Author: ken <ken at cyclops.toronto.xelerance.com>
Date:   Wed Mar 29 18:17:38 2006 -0500

    Fix for modtest-noipcomp, to use CONFIG_KLIPS instead of CONFIG_IPSEC
    #defines

commit 82a98808e98302d1cf8488320e7615b7c3bfb739
Author: ken <ken at cyclops.toronto.xelerance.com>
Date:   Wed Mar 29 18:07:35 2006 -0500

    Fix 2 #if's when building as a module and you want 3DES

commit 7a1e7a4c478bfbd75aa5bbe6aaa7afeded3dbc38
Author: ken <ken at cyclops.toronto.xelerance.com>
Date:   Wed Mar 29 17:24:34 2006 -0500

    Add missing #ifdefs for CONFIG_KLIPS_DEBUG so we build with DEBUG
    undefined

commit 43bec20e0e2723cbe921af91a7c84c9fb1e0507f
Merge: a509755 bf6ad95
Author: ken <ken at cyclops.toronto.xelerance.com>
Date:   Wed Mar 29 16:59:10 2006 -0500

    Merge with git+ssh://vault/xelerance/MASTER/git-master/openswan.git#public

commit 06e2364448922a1d0a18142655483ab9581df772
Author: Michael Richardson <mcr at gimli.(none)>
Date:   Wed Mar 29 16:51:46 2006 -0500

    make sure to initialize rsakeyid and keyid to NULL

commit bf6ad95094619a38ad69f70688da415bab39b836
Merge: 03bd775 ef29f13
Author: Michael Richardson <mcr at gimli.(none)>
Date:   Tue Mar 28 22:35:10 2006 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit 03bd7752c35be9b663d494f1ad1cc35c985b511d
Author: Michael Richardson <mcr at gimli.(none)>
Date:   Tue Mar 28 22:34:02 2006 -0500

    fixed char/unsigned-char issues.

commit a509755a31201da0fbc31a4c886a5de4e6e4b7da
Author: ken <ken at cyclops.toronto.xelerance.com>
Date:   Tue Mar 28 20:26:28 2006 -0500

    Add tests for SMP and non SMP builds

commit ef29f1388d2ac51e71438c8420d46fa84415a860
Author: ken <ken at cyclops.toronto.xelerance.com>
Date:   Tue Mar 28 16:05:14 2006 -0500

    Fix for KLIPS on 2.6.16 - need to include <net/arp.h> now

commit e01551c5fd2a80f73286a4d3222af05e9f4f94ba
Merge: af80696 f4133eb
Author: ken <ken at cyclops.toronto.xelerance.com>
Date:   Tue Mar 28 16:03:55 2006 -0500

    Merge with git+ssh://vault/xelerance/MASTER/git-master/openswan.git#public

commit f4133eb1561bb0223eb6d7c071b7a654401aef5d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Feb 5 22:47:43 2006 -0500

    update to use more sophisticated git tools
    (cherry picked from da024349eba7d8dabc123f1d6e6cd16aaef23aa0 commit)

commit 41f3a65e9b8aa4e411f8a9b37eb6d918df1a3a04
Merge: 3956e64 f04f820
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Mar 24 10:15:53 2006 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit 3956e64aaad7b4abed14e97aa78289fb04aaf65b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Mar 24 10:09:05 2006 -0500

    fixed dns conn to not repeat subnet=

commit 88102afb63eaf97464bc2fccec6397f8c15c8328
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Mar 24 10:03:28 2006 -0500

    changes for addconn

commit e09693f0b3a7419e4e9f4f7c6f53db1a3260e428
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Mar 24 10:01:04 2006 -0500

    adjusted same_id() so that ID_NONE is a wildcard.
    (maybe need to introduce ID_ANY)

commit f04f82042f4c3a1499dfef533e8fb033af6dc59a
Author: Patrick Naubert <patrickn at mac.local>
Date:   Thu Mar 23 10:38:28 2006 -0500

    aggr test was taken from x509 tests but not renamed properly.

commit 2386a91d6db31d74f5b21627bc24783bac8dc4ce
Author: Patrick Naubert <patrickn at mac.local>
Date:   Thu Mar 23 08:30:25 2006 -0500

    'make env' is called to setup the environment, but as far as I can tell,
    the environment is already setup by the calling scripts.
    I will stub this out until someone screams.

commit dfbf5508b5334d37c2cc3f0aac623819a48226f0
Author: Patrick Naubert <patrickn at mac.local>
Date:   Thu Mar 23 08:14:04 2006 -0500

    umlXhost refused to print out OUTPUT in results.
    It seems it was doing it on purpose, and I don't see a reason why.
    I am forcing OUTPUT until someone screams.

commit 09cf1c824a282323968d99625aaf0d67f4e7522b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 23 05:10:48 2006 -0600

    remove efence settings that won't work when not building without efence

commit 011fac0ff6dc3cb78bee7f793d6919ac94fe19fb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 23 01:13:55 2006 -0600

    added missing files from refactoring

commit 8ed457af9c64ce01c4a31d5b6c217094a9e106fc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 23 01:06:01 2006 -0600

    fix against new certs.h

commit c0f9afc0fb3516fc066aef87954a9eaa1f07e4f2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 23 01:05:41 2006 -0600

    turn off electric fence by default

commit 324c79e87dad564a8ec6be4be7713e1074470eef
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 23 00:54:24 2006 -0600

    update to goal file for showhostkey test case

commit dadace40d068db55ebda6dffcc360c7688a26140
Merge: 0ed1280 7d9f766
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 23 00:54:10 2006 -0600

    Merge with /mara6/openswan/public.git

commit 0ed1280346ebae1376ea421ae5869878662fad78
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 23 00:50:37 2006 -0600

    added implementation for:
    	--list-keys
    	--txt gateway
    	--left
    	--right
    	--id
    	--rsaid

commit 94c8adc79b913410a80555b2d07352f6f2d0808c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 23 00:49:40 2006 -0600

    added verbose argument to control openswan_log() values in cert and rsa
    loading functions.
    move id_list to id.h, and made definition public.
    added mpz_to_n2() that figures out proper size of buffer and allocates it.
    added secret iteration function osw_foreach_secret()
    change idtoa() to insert %any if the address is the any address.
    added many member accessor functions for secret list
    added osw_check_secret_byid() using iterator.
    make sure that osw_find_secret_by_id() copies when his_id is NULL
    when loading a default key (:RSA), this implies %any/%any (in v4 and v6),
    	so add IDs of this type so that things will match up properly.

commit 232c740647447b734983c3472db115bf75de14d7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 21 21:56:55 2006 -0600

    comment when we load the connection

commit 775a85b4065c9ceb239a6493c8929ff115751c60
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 21 21:55:28 2006 -0600

    the real problem was that the default is set up with the defaults but
    we only applied the default if there was an explicit %default, but we should
    actually always apply the defaults

commit f6de24eebfce71530006e88dbd21323827fd4a3d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 21 21:51:14 2006 -0600

    adjusted pfs to be on, which is correct default

commit a331002126077139d32a628db3d987b77f273150
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 21 17:50:06 2006 -0600

    make sure to set up system defaults --- they are different than %defaults

commit 6ada78da7a704f4b00b64e4c869ae668862899fe
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 21 17:49:40 2006 -0600

    write out type=transport properly

commit de8ec6b9142a4b01944cd7e42b1cd3d23dfb12a9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 21 17:14:58 2006 -0600

        routines to write configuration files

commit 5986f8afd35152786bc83825b10ab9e0feb7fdae
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 21 17:11:20 2006 -0600

    removed errant replaywindow from non-manual conn

commit 7d9f76605deb2671092e4cea9831b5993b71cedb
Merge: c19bf10 8233108
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Mar 21 14:27:40 2006 -0600

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit 91f2688e74ad0cc8c1de07407725eef87859a4f1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 20 14:25:51 2006 -0600

    basic test program readwriteconf found a problem with the also
    processing --- it didn't allocate space for a trailing NULL when
    it expanded the also list.

commit e5dac6f9dd6359fa2a2f631d3ba31c0667f71445
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 20 14:25:06 2006 -0600

      basic test case for readwriteconf

commit 177245983c82aea97b2165f7092dcc8e62c248d6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 20 11:33:57 2006 -0600

    add some logic/skeleton to dump keys in different DNS-related formats

commit daf2ab6da1c658c36d78436d0c59b8bdc0da6ffe
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 20 11:33:18 2006 -0600

    first version of addconn that can load a conn --- it would work,
    if not for additional bugs in parsing/conversation routine

commit f9c5d687973a27052366a19a0b8b3c323b3b31a4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 20 11:32:43 2006 -0600

    use "runit" function so that --showonly works properly

commit 5729865791f2de07e880344fca1563943a3a855d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 20 11:31:59 2006 -0600

    use alloc_kwlist(), which clears things. this fixes some problems
    when the structure isn't zeroed properly

commit f4b8e574bc20c1a93ac185beb34d698344f6af6d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 20 11:31:22 2006 -0600

    when loading and also-processing conns, we may only care about one,
    so don't just error out those ones, but don't fail loading subsequent conns

commit aa134c5241f5167c80378831ee5937235f2c4668
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 20 11:30:39 2006 -0600

    created new program skeleton to just debug read/writing of config files

commit 479b49aa5f375be416beca5d20336fbd39c73564
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 20 11:30:16 2006 -0600

    move more files to libipsecconf

commit 7c26c63f27d820ab2a67d7e4d2e3dde3d20866a5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 20 11:29:36 2006 -0600

    removed it.

commit a472dde00af6cbe2ec59152ca2e0483dcb6cbb7d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 20 11:28:54 2006 -0600

    put -llibrary in separate flag so that dependencies work properly

commit 3dd28407db83c2c9beeab47a9d83807a874e66d5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 20 11:28:28 2006 -0600

    moved get_pass, etc. from whack.c to whacklib.c

commit 0bc1e4429e3f0af825b6e1603e5501cd58c804a3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 20 11:27:35 2006 -0600

    remove VIRTUAL_IP #ifdef, as it changes structure sizes

commit ffb36cc370e9fc6de7ffc3219d2fe49b3d8eb96e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 20 11:27:05 2006 -0600

    added ipseckey type to nameserv.h

commit ac4c957917469bc0069909d05d1c083244c182d7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 19 15:58:06 2006 -0600

    pluto doclifted to XML

commit c19bf10a17be32ee46fe5374f1216c94065abab7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 19 13:55:37 2006 -0600

    remove todo files --- this experiment didn't work

commit 8233108baebddf2e1ef2852833aeaca92966c45b
Author: Patrick Naubert <patrickn at mac.local>
Date:   Fri Mar 17 14:58:15 2006 -0500

    Revert "set leftnexthop= for OE conns"
    
    This will bring the %trap route back, and OE will still work.
    
    This reverts 1727b239b3d277f70d4d0054f441a0fe15ba8685 commit.

commit 23b16cf8e2cd4d7f13413c47a1ed19afda7b5337
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Mar 17 09:16:23 2006 -0500

    add note about 2.6 KERNEL code may be broken

commit 7eefad5bffbada16189fa5f2f7c84faaeded1354
Author:  <paul at earsken.(none)>
Date:   Fri Mar 17 00:18:14 2006 -0500

    Michael renamed ref/refhim -> st_ref/st_refhim but forgot to update
    kernel_mast.c

commit c48e1eeaee05b038b5f2766c83f3527c170b57e5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 16 17:11:53 2006 -0500

    added notes about how MAST works

commit d0b539e302e8c02361c6a55941e04a5e0484c653
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 16 16:11:45 2006 -0500

    updated test case results

commit dd64c5d892bd57022154d6533d0b33cb47ef109c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 16 16:11:29 2006 -0500

    renamed ref/refhim -> st_ref/st_refhim.
    when installing the outgoing SA, we need to it sometime, even if
    refhim is already set, so we need another variable to do that.

commit b5b471034a73889a548aad6331f09ca9745580af
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 16 12:01:54 2006 -0500

    try more general effort to keep references

commit 3ffd128dae63de00599b911fb6cd67feea1b0ff0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 16 12:01:44 2006 -0500

    log refme/refhim in whack --status

commit 154fc07668c015ae343482e8a94f3ac9d21cd492
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 13 16:05:46 2006 -0500

    l2tp-01 test case does not use mast

commit 52c684d0b081292dd1136582ae2ce632ce6ce456
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 13 16:04:49 2006 -0500

    added mast-l2tp-05 test case which rekeys the IPsec SA that the l2tpd
    is using, to check that the l2tpd doesn't get confused.

commit fa79f4ab1cd3fc9f2392827f2edc79060c2e8b1b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 13 16:02:14 2006 -0500

    make "restart" (rs) more useful when scripts are not in $CWD

commit 5de6ee291fc528ec177b747819a8868a4444c08c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 13 14:03:51 2006 -0500

    updated descriptions

commit 8bb6d835911919138890feb3d827abbec9d93ec4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 13 14:03:45 2006 -0500

    set protostack=mast

commit 394579081bc4601411fb98509efb501844531a2b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 13 14:03:32 2006 -0500

    mark effort as done

commit 401d152caa76555488b363415d1e0d1443730e0c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 13 13:55:35 2006 -0500

    code to keep refhim during a rekey

commit c05760d5b8ac010793da0c14b790f2c23c2051a0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 13 13:55:19 2006 -0500

    minor reformat of comments.

commit d376c9188a2010478a090db43c2d43e9cd8cc602
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 13 13:54:32 2006 -0500

    removed extraneous blank lines in log file --- moved to server()

commit e4a1fa0f37e992bb39ae68e476b9871acf4c7867
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 12 15:48:50 2006 -0500

    added --version and --verbose

commit 86b3476ae0710982df054a50d7cc49142f1b418d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 12 15:46:59 2006 -0500

    adjust version code information

commit 881329431e6f4ed11717e03ba656e7495bd6b4b2
Merge: b3ee8b7 250d151
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 12 15:34:27 2006 -0500

    Merge with /mara6/openswan/public.git

commit b3ee8b7d2fe88aa3aca68fe258fd146856929aab
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 12 14:53:39 2006 -0500

    add additional prototypes to certs.h

commit f411a3c891d04d55adaf86ed8c600561a7be8f18
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 12 14:53:23 2006 -0500

    always log loading of private keys --- not just debug anymore

commit 8ed789f333bf6e40cad75bc33ebd0c71ccd81679
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 12 14:53:01 2006 -0500

    duplicate ${OSWLOG} to get rid of circular dependencies

commit d85f88dfd6b567f4c04e1c305963d7c0f8a934c8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 12 14:52:35 2006 -0500

    enhanced test case with some comments about expectations

commit fca12b332b435426ff07f30da39d4f03b8537ec7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 12 14:52:08 2006 -0500

    added --verbose and --version.
    removed awk version

commit 21cbe1d324d0fe1ba08d91a103fd6583909437e1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Mar 12 14:51:12 2006 -0500

    add man page skeleton for addconn

commit d7bc7e7b98fa6b967df9a87e7ce5c5e015e92c26
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 6 16:54:13 2006 -0500

    use st_localport/st_remoteport rather than md->sender

commit fa97f6500c24366cfd10100e445fe7fa14919954
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 6 16:53:18 2006 -0500

    change word "fat" in log message --- it made no sense

commit 674e97f38e3ade3c1ba1f3dc4f02b4c7b4f4294f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Mar 6 16:52:54 2006 -0500

    move location of timestamp to after blank line

commit 3b13864d113ffe2f8e3f5a969cd2603cd0f2a595
Author:  <mcr at earsken.(none)>
Date:   Sun Mar 5 21:21:38 2006 -0500

    try swapping order of NATD payloads

commit 57dbcc3e9489e9c2eb120399986bf80f81bf093b
Author:  <mcr at earsken.(none)>
Date:   Sun Mar 5 14:27:15 2006 -0500

    refactor so that swapping order of NAT-D is easy

commit 462b7bf2f73cca673dbcfafa8ad3cbe1c2b9457f
Author:  <mcr at earsken.(none)>
Date:   Sun Mar 5 14:24:26 2006 -0500

    send two NAT-OA during quick mode

commit be0cada17063bcb2149bbb35c81887ef0befb2ea
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Mar 3 11:38:47 2006 -0500

    when logging to stderr, put a datestamp on it

commit 2187586ddff1906bf48aaf75e31ceb32cf215669
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Mar 3 11:38:16 2006 -0500

    add second NAT-OA payload

commit 458b3a29abe1cf7c22f0f33383729f6286d86873
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Mar 2 23:20:10 2006 -0500

    log which state is used to send a packet

commit 1b939f66fbf9f6ec819bf61f537bfb8f0a9c710d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Mar 1 09:39:38 2006 -0500

    removed #include <net/dst.h>

commit cd6113c3a8ba033cf385d38a459a2a71a7d0d90c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 15:39:58 2006 -0500

    [PATCH] [PATCH] if outif extension is not specified (such as when using KLIPS), then

commit 9543b1c7d2970da9d7b36d9d689e4a57f61e6f63
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 14:31:00 2006 -0500

    [PATCH] [PATCH] rename ipsec_tunnel_cleanup()->ipsec_xmit_cleanup() and move it

commit 73667decaefd9cbb2b4f18b0c20278921ddcda4a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 14:29:24 2006 -0500

    [PATCH] [PATCH] removed unneeded debugging in outif initial setup

commit 98617e103d0c4ec30e0bd1b451af73d914155f78
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 27 19:25:46 2006 -0500

    [PATCH] [PATCH] when auth fails, make sure to log the replay #

commit 6fdd701e7dbd791ed9038e98758aae98023ed208
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 27 19:25:31 2006 -0500

    [PATCH] [PATCH] increase size of default hard header so that there will space headroom

commit 3998a6a20fe093ac99eed5badd3676a53f593ec3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 27 18:38:49 2006 -0500

    [PATCH] [PATCH] change flags for dumping to xmit+verbose

commit 111e4d5580cade8225a292ee86eda9bec66d4c82
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Feb 26 22:44:05 2006 -0500

    [PATCH] [PATCH] added nat-encapsulation for mast output path

commit 6530e77edff99558a7b1fca90496bd7bfed640df
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 23 20:21:37 2006 -0500

    [PATCH] [PATCH] make sure that extension string array is properly filled in

commit b9dd56f22a58c076669691ba0d5b7b88267b03ed
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 22:59:51 2006 -0500

    check for situation where we are going to use SAref, and avoid the
    whole installing of eroute's in that case

commit ae576f9e03e06ad46e2ea4bf427d1f50607e477a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 22:59:06 2006 -0500

    adjust roadlocal/hostlocal to not use $1, since they get sourced.

commit 0cc864d4694651b997ecc3910ed2ef1ceb7bc854
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 22:58:33 2006 -0500

    make sure to clear out iptables when starting

commit ddadb16dcdf32b0ef7812f0de016cb03d153f5d0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 21:13:43 2006 -0500

    removed some additional SAref debugging from pluto and scripts

commit 9d74ceb531ac8ec832cb76479930799b7bf8e965
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 21:09:36 2006 -0500

    added parameter to kernel driver to indicate overlapping IPs are permitted
    use this and the overlapip=yes/no (POLICY_OVERLAPIP) to decide if a
    virtual IP is allowed to overlap the subnet of another connection or not

commit bbb71e985ce6a71d675bf699e3c744b6136f67ee
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 21:08:51 2006 -0500

    turn off shell debugging in _updown.mast.in (set -x)

commit 156ea380dfcb91fd1e702f99571069cba4228931
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 21:07:48 2006 -0500

    added overlapip.xml
    ipsec.conf.5.xml is now generated

commit 45c22d3f594fcb73759bf5f25cd1448bc47dd5d2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 19:59:08 2006 -0500

    split up ipsec.conf.xml.5 into parts. some more splitting is required
    (cherry picked from 280e5d5aad0bc367df6ff5065514f9a7ce9535db commit)

commit fe467486f58451656226d9dfcfd1001d0254d8a2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 19:49:17 2006 -0500

    split up ipsec.conf.5.xml into pieces, so that they are more easily
    maintained
    (cherry picked from 9a6826fe81593698723e5e705f2d4cb63ac0c814 commit)

commit 250d151a2807fdd5ed459635433a4155c74e9403
Merge: 280e5d5 7c16b90
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 19:59:46 2006 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit 280e5d5aad0bc367df6ff5065514f9a7ce9535db
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 19:59:08 2006 -0500

    split up ipsec.conf.xml.5 into parts. some more splitting is required

commit 9a6826fe81593698723e5e705f2d4cb63ac0c814
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 19:49:17 2006 -0500

    split up ipsec.conf.5.xml into pieces, so that they are more easily
    maintained

commit e893af90aa0201fa0b3e3ddba5843f899463fbf5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 18:20:56 2006 -0500

    added new per-conn policy: overlapip, permitting subnet=vhost: to have
    IP addresses that overlap

commit b73ca4c04c7d12bf9c84c15843c5102706e998d4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 17:12:36 2006 -0500

    move declaration of useful_mastno to header file, such that it can
    be checked in the add_sa routine, and only set the outgoing IF
    if we have found a useful mast number

commit d2388c529079675fe1958d9635d7ff39e9052e26
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 17:11:39 2006 -0500

    added l2tp-04 test case: three clients, behind two NATs

commit ae5b63843df1dccba7f1f68cec4c30ee4b68c1b8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 16:59:34 2006 -0500

    l2tpd is now aware of IPsec SAref stuff, but needs to have this
    feature enabled, since it can fail on hosts without SAref

commit f7fedda4a81f8962c7bbdc044212b1fd32aace72
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 16:58:47 2006 -0500

    added japan-* conns

commit 0076c6086dc44fff7dd4750c547c59890844e544
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 16:58:29 2006 -0500

    refactor roadlocal code to make hostlocal.sh

commit 487e10ea55e47878c0169eb788d752be8079cbcb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 16:03:54 2006 -0500

    test case for two clients behind 1 NAT, using KLIPSmast

commit 1adb8d9a300f08d9e7031b86c29030d3ea01999b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 08:35:29 2006 -0500

    small additions to l2tp setup

commit 0218850184f0eefcfcbba336c6c6edd124f754dc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 08:34:56 2006 -0500

    added redocon.sh evaluation of other console outputs

commit e6e9b326692ecc8fc2f96299b5009c843efc42cd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 28 08:34:00 2006 -0500

    set the outgoing interface for the SA

commit 4d5860f8f17c11126b93a924307a0d2d8a6194a6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 27 22:04:01 2006 -0500

    copied mast-l2tp-02 test case first

commit ea6572da9dd298faf8e5cbd5b9ee0d00f7b317c6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 27 21:51:12 2006 -0500

    test case for 1 client behind 1 NAT

commit 98c79be8828495d3097060fa65d5b5d2105500b3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 22 22:53:56 2006 -0500

    adjust configuration to use klipsmast

commit 06f683f439cec07d97b847c32df76d81991ac2b5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 22 22:21:33 2006 -0500

    template for test case using klips-mast

commit b57a3fa9b1464df50f5c4665f67d006138e51f58
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 22 18:33:01 2006 -0500

    added test case for host to host using KLIPSmast

commit 9ccde12b94a5bb1ec29d6e43a3a37e4ef72f6b47
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 22 16:47:24 2006 -0500

    insert holes for port 500/4500 into OUTPUT chain so that IKE packets
    can get out.

commit 14f9ba3e166ad0975f0f0fd0690cf925db77b789
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 22 16:46:38 2006 -0500

    update ipsec look to dump IPSEC table as well

commit 940d72e6fc5d2abed71c6cd311105a7291130d63
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 22 16:09:57 2006 -0500

    in barf output, remove _updown scripts --- few people edit them, so
    why repeat it.

commit 0b4cb7c20822e7a56fb139abe34fc255e2860448
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 22 16:09:36 2006 -0500

    added ref/refhim output to ipsec look

commit 65488bdb22e77c4006c1ab37931938bd93f78d27
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 22 16:08:02 2006 -0500

    some fixes to start up scripts to make KLIPS the default, and to
    permit KLIPS to work with new _updown interface

commit f77d044ab9506498d71b266e4495717f677da4d6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 22 12:49:49 2006 -0500

    this includes much refactoring of kernel_pfkey.c code into mast vs klips
    functions. The kernel.c add_sa code now looks at the ref/refhim arguments
    to the kernel_sa, making sure to install outgoing SA before incoming SA
    so that we can refer to outgoing SA as the refhim.
    kernel_mast.c now locates a useful mastXXX device, creating only one
    if we need it

commit c0b66ee1601e453ca024b4845e0f600f7ffdd528
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 22 12:48:08 2006 -0500

    log ref/refhim in IPsec SA established message

commit 82f13b11e45ae0fcf663fabd168dbf09fb63d29e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 22 12:46:21 2006 -0500

    added ref/refhim members to kernel sa structure
    adjust add_sa to have non-const kernel_sa
    adjust "op" parameter to use enum

commit 628479296259b4e8c2a25999e043e7a30c43089e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 22 12:45:18 2006 -0500

    adjust localswitches to include private and east networks for playback
    new "newswitch" has --arpreply support, so we don't need to duplicate that test

commit d076fd5a6ed6a1d4aa93fc8480dc6ee8a08213f7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 22 12:44:31 2006 -0500

    much simplified _updown.mast routines --- it does less, but what it does
    it does correctly. In particular, it uses PREROUTING rather than FORWARD

commit d020a5273725738fbfadd0395d9f0fc0a8558efe
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 22 12:43:42 2006 -0500

    test case to try using KLIPSMAST methods with pluto

commit 9bc28ec08e099e2f3315dfe8abb7e3006e7555e5
Author:  <patrickn at darkstar.tygerteam.internal>
Date:   Tue Feb 21 11:16:31 2006 -0500

    Added support for 2.* versions of Pluto devices.

commit ad14f6a62b9bb72ae2c24bd8797571e85bef4bcc
Merge: 30f382b 38d33f6
Author:  <patrickn at darkstar.tygerteam.internal>
Date:   Tue Feb 21 10:48:18 2006 -0500

    Merge with git+ssh://vault.xelerance.com/projects/xelerance/MASTER/git-master/openswan.git/.git#l2tpd

commit 38d33f6138d0f507ea044b5a76614ed2f25c6ab0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 21 10:43:29 2006 -0500

    refactor do_command_linux -> klips_do_command() with new common
    functions

commit 06b910dbc7c942982e24ce45533583a65e2809fa
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 20 23:13:25 2006 -0500

    set ARPREPLY properly

commit 7ff65ad54ed7c43868cae6d6e0eb381ccd212215
Author:  <mcr at FC4-test.(none)>
Date:   Tue Feb 21 02:20:28 2006 -0500

    adjust klipsdebug to use properly sized extensions[]
    (cherry picked from ff2aa0646d679c636bf8b41564714478be81e3d3 commit)

commit 30f382b74cf29091da25e3938ef8d71b0ef3f68e
Author:  <patrickn at darkstar.tygerteam.internal>
Date:   Mon Feb 20 19:38:23 2006 -0500

    Revert "set leftnexthop= for OE conns"
    
    This reverts 1727b239b3d277f70d4d0054f441a0fe15ba8685 commit.

commit 677459bcac1b03c9780bedada00315c9f8375e1c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 20 12:42:00 2006 -0500

    added man page for mast device

commit 43f84429f27ca4b8617e0c71b96bbbd48b8360a1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 20 12:33:47 2006 -0500

    added man pages for _updown.klips

commit 23d3ccdef750e51108cbda36e4256e52ea3a4ad0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 20 11:57:40 2006 -0500

    make sure that --dumpsaref works properly, and fix test case for new output

commit 067ea821a18b9da36082a967e88a51d4406e822f
Merge: 23a12c6 129e409
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 20 11:44:18 2006 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#l2tpd

commit 23a12c6348292dae813c1795c39a7136c3dd1d99
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 20 11:42:54 2006 -0500

    update size of extensions to K_SADB

commit 5135e554bf63c81c6254ee25ae45148666426d7b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Feb 18 22:33:26 2006 -0500

    refactored do_command into invoke_command and into fmt_common_shell_out
    and added $PLUTO_STACK, $PLUTO_MY_REF and $PLUTO_PEER_REF.
    Changed PLUTO_VERSION to 2.0

commit 1f8298e57d31be0d30631e0507d646a29d890c9e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Feb 18 22:30:18 2006 -0500

    renamed _updown to _updown.klips and added _updown.mast.
    Then changed _updown to call appropriate routine based upon ${PLUTO_STACK}
    Changed PLUTO_VERSION (interface version) to 2.0.

commit 129e4094875ac4e88fc953d4c637bcf056b2f348
Merge: 6e2a167 116df13
Author:  <patrickn at darkstar.tygerteam.internal>
Date:   Fri Feb 17 15:34:42 2006 -0500

    Merge with git+ssh://vault.xelerance.com/projects/xelerance/MASTER/git-master/openswan.git/.git#l2tpd

commit 6e2a1678180404f132f0d7c4f6aab019ab7d468a
Merge: 4573a58 7c16b90
Author:  <patrickn at darkstar.tygerteam.internal>
Date:   Fri Feb 17 15:33:21 2006 -0500

    OE is started.  Why west-console.txt would not have the trap routes, I don't know.

commit 4573a58cb0e2048e63d19f44ba62b89fc2feaaed
Merge: 4f3c56f 8f97def
Author:  <patrickn at darkstar.tygerteam.internal>
Date:   Fri Feb 17 15:32:34 2006 -0500

    Cleared up testcases. Mostly because of added debug messages from pluto.

commit 4f3c56f777353b15d16c01f51022ab54cab611af
Merge: 415ed7a d526361
Author:  <patrickn at darkstar.tygerteam.internal>
Date:   Fri Feb 17 15:31:54 2006 -0500

    Major KLIPS test fixes. Now getting 81% success rate.

commit 415ed7a8e01dcaf0d3529dfd541f9c73ad44fa38
Merge: 93e7b75 3e42b97
Author:  <patrickn at darkstar.tygerteam.internal>
Date:   Fri Feb 17 15:27:55 2006 -0500

    Remove OUTPUT files from /testing

commit 116df13a410a015c81622ed45447315b22bc9b51
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Feb 17 15:26:47 2006 -0500

    only add --tcpdump if $NETJIGDUMP is actually set to a non-zero value

commit 93e7b755106f20d11a31eea57923e71db9c2d136
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Feb 17 10:03:08 2006 -0500

    added support file

commit 490248ef6810228535fd8db078481aca08f252a4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 14 20:43:22 2006 -0500

    slight reorganization of device probing code.
    Note that we can not rely on "q" being NULL only when the device is not
    found, since that variable is used again in the found loop, so just
    create an explicit bool to indicate when we have found something new.

commit 16bafb46688b3ba62fef2f0ab60b9502dcba7b53
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 14 20:25:01 2006 -0500

    this is the first attempt to use mast devices in pluto.
    the _startklips and _realsetup scripts attempt to do the right thing
    with the mast stack (which is to load klips, but not do any weird
    calculations of defaultroute, etc)
    Pluto now has a new kernel stack called "mastklips", which configures
    a mastXXX device for each real interface that it finds. The only reason
    to configure things at all is because it seems that the kernel won't
    route to things that don't have IP addresses.
    This version starts up, but can not yet negotiate an SA

commit 06e3f1a06fde9c5aa9e83a4368a122f4c0fc863a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 13 20:37:46 2006 -0500

    added "mast" (klipsng) protocol stack support (clone of klips for now)

commit 03a2a01523a6385e9f9517b9a1b964108a14bb36
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 13 20:29:46 2006 -0500

    added --use-mast option to documentation and option processing

commit 19ea67948edc9ca07651472cf0c566111f1b3489
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 13 20:29:28 2006 -0500

    refactor kernel_pfkey into kernel_klips.c/kernel_pfkey

commit e24d138ff051b16cf98d1edef237e5746e4df1e4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 13 19:53:53 2006 -0500

    switch from SADB_EXT_MAX to K_SADB_EXT_MAX

commit cbb2341c4fd4488eaec04ac4d7bd23081b12f890
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 13 19:53:19 2006 -0500

    refactored uml_netjig startup code into netjig.tcl
    enable --tcpdump option if environment variable

commit 4be98660cedb27cdbad0d89adee2d733f641338c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 13 19:52:46 2006 -0500

    if NETDISSECT isn't available, then just hexdump the packets

commit c28a43186012af034da20cf67e46203c617278d6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 13 19:52:29 2006 -0500

    pluto now logs if it is tunnel mode or transport mode, deal with difference

commit 711761e2ed5ba6aef1bc154a8de6ab9a5012fc51
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 13 19:52:02 2006 -0500

    adjust test case to deal with IPsec SA tunnel mode comments

commit cd8f2cb4e3de4b255eb0e091695ca9c8d55d5c8c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 13 17:57:18 2006 -0500

    [PATCH] [PATCH] move ip_cmsg_send_ipsec to ipsec_mast.c
    
    Signoff: Michael Richardson <mcr at xelerance.com>

commit a67ed1aa8752de2bbafce221062afedc154cfb8d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 13 17:44:28 2006 -0500

    [PATCH] [PATCH] move ip_cmsg_send_ipsec to ipsec_mast.c
    
    Signoff: Michael Richardson <mcr at xelerance.com>

commit 80303aa2accc7d5ab6ce3d8be961d3744bf1b460
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 13 17:43:23 2006 -0500

    [PATCH] [PATCH] make sure to return two SArefs --- us and "him"
    
    Signoff: Michael Richardson <mcr at xelerance.com>

commit 85ca9572656404f97dac7652c6a16d81613a3019
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 13 17:55:39 2006 -0500

    send the reply with the appropriate paired SA

commit 68b29e2eefe07e7b162863649a1bf93f1a8e2b18
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 13 16:57:30 2006 -0500

    first working transport-mode SA where we can reply on a given SA
    from an SA that was sent to us

commit b60bf25cacd995426091853911883997a3afdbf3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 13 16:55:42 2006 -0500

    [PATCH] [PATCH] when replacing pfkey_sa_ref_build(), I incorrectly added pfkey_saref_build()
    
    Signoff: Michael Richardson <mcr at xelerance.com>

commit fc52bb8b068a83296594fa6a5d2fa56a0aa02c37
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 13 16:54:05 2006 -0500

    test case now completed for situation where we manually key a transport
    mode SA, and use options to showpolicy to return a received packet on a
    particular SA, based upon the SA on which it arrived

commit 416ec5f337ea25b411dcc4a82011c5dc403763c3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 13 15:15:30 2006 -0500

    added --sarefme/--sarefhim option to set SAref for created SAref

commit aab6c963bd3b84ca3bca5b0cb2dbdba6974a427b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 13 15:14:53 2006 -0500

    move to 64-bit extension tracking mechanism.
    added SAREF extension

commit 747d870f85a240c58416ce7cb9536f794864e355
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 13 15:10:52 2006 -0500

    adjusted test case for new saref extension

commit 728727b6582bbf5f5b9c722983fd418f65752560
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Feb 12 12:23:30 2006 -0500

    updated reference output

commit 754b132e2b6ff22f3a31bfba09e9b655a337128e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Feb 12 12:23:23 2006 -0500

    add exit_tool() link seam

commit 5597f49403b64586e7ea9b640f67887fef4c5c29
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Feb 12 12:22:15 2006 -0500

    remove check for include/openswan.h

commit bf0125c4ecabc855375a800b900860800e509370
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Feb 12 12:14:32 2006 -0500

    change names of new output files to reduce confusion

commit 72bbc0984024d76a1a28500f7001e3a33e08ab4e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Feb 12 12:14:00 2006 -0500

    added saref lines to test case

commit dab69e23505d1b57469333f9f96008a04342ff87
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Feb 10 21:59:16 2006 -0500

    updated test case --- send packets out using sarefs

commit e54c7e0a7fa74cbdf60c252ae0184fc9735a3bf9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Feb 10 20:09:01 2006 -0500

    added refhim= entries to spi output

commit ea0e9c2e2903cc2758a6309d207136457ea34748
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Feb 10 18:17:45 2006 -0500

    adjusted ipsec spi output to include refhim=

commit 7c16b90ff986ee5b55de07a219ad1fec361a4682
Author:  <patrickn at darkstar.tygerteam.internal>
Date:   Fri Feb 10 08:33:39 2006 -0500

    OE is started. Why west-console.txt would not have the trap routes, I don't
    know, but it is wrong. fixed.

commit 8f97def9cb77e4dffa67cb43e4eabd2f065abe03
Author:  <patrickn at darkstar.tygerteam.internal>
Date:   Fri Feb 10 07:43:06 2006 -0500

    Cleared up some testcases. Mostly because of added debug messages from pluto.

commit 16907a9bc395215aad9ddb6999f88bbd21b9d0d6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 9 16:22:40 2006 -0500

    [PATCH] [PATCH] This code provides the decoding of the IP_IPSEC_REFINFO control option into
    
    Signoff: Michael Richardson <mcr at xelerance.com>

commit d60660abf859a0afa3353891b31fc7ab3c0ebccf
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Feb 8 11:47:20 2006 -0500

    [PATCH] [PATCH] set up skb->sp->ref to return SAref upon receipt
    
    Signoff: Michael Richardson <mcr at xelerance.com>

commit 6c3757e6afbb04d8f3ae77800c679f5bd04f50dd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Feb 9 16:29:13 2006 -0500

    extended showpolicy to use IP_IPSEC_RECVREF to get packets on a particular
    SA and return them using the same SA

commit d526361c924681b48eeb33f5201dde0e2d0aeea9
Author:  <patrickn at darkstar.tygerteam.internal>
Date:   Tue Feb 7 20:03:08 2006 -0500

    Major KLIPS test fixes. Now getting 81% success rate.

commit 3e42b97ef9d635729e6796a96611782b1069e2f2
Author:  <patrickn at darkstar.tygerteam.internal>
Date:   Tue Feb 7 14:51:50 2006 -0500

    Remove OUTPUT files from /testing.

commit 3d775c95a08d2cb85cd59cd77b83730a6258dc21
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 7 01:36:58 2006 -0500

    fix for SADB->K_SADB problems

commit ea654486d8fcc13c72606c9ac6bc2fc82248451b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Feb 7 01:29:01 2006 -0500

    new test case for tncfg

commit 613892600a8a41b5c68af124bcb48c851990b47a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 6 21:42:44 2006 -0500

    test case for spigrp and fix for SADB->K_SADB

commit 75a6fcaeda3bc67fbe396a8346842ca864ffd038
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 6 20:00:53 2006 -0500

    generated ipsec_conf.5 from ipsec_conf.5.xml

commit 76402bcc4dade9b638f1bbe916a8b46fe7ae7fca
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 6 20:00:43 2006 -0500

    added new test case

commit 817fa2ffc8ac78195b15a36c6c83920119d8e8b7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 6 20:00:35 2006 -0500

    add BUILD_MODULES option

commit a4da8690103bd5668b4be715d3df5ad3c9a713e6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 6 19:49:30 2006 -0500

    test case for pfkey test cases --- turn them on

commit 0ec5cc8531861290829c38868cf5b58e252850ec
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 6 19:47:51 2006 -0500

    final adjustment of SADB->K_SADB

commit 4708f05ef9d792d160f6862cbe5998caf8869f93
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Feb 6 17:59:38 2006 -0500

    added test case for "ipsec spi"

commit d2499d0ae40e774bf3ed79fa46ed5ddd195a116c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Feb 5 23:01:40 2006 -0500

    enable building showpolicy again

commit da024349eba7d8dabc123f1d6e6cd16aaef23aa0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Feb 5 22:47:43 2006 -0500

    update to use more sophisticated git tools

commit dd54a37d885e57c3cda0df41b545ea01cfe01de2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Feb 5 17:29:08 2006 -0500

    test test case for pfkey routines

commit ebd4ae16873971350a0b5ec4925af8bd0b073af9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Feb 5 17:28:02 2006 -0500

    use progname instead of program_name

commit e4cdfe43f7f87b9aaed1fcceee012d6cbd71bae2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Feb 5 17:26:24 2006 -0500

    more adjustments of SADB

commit 64c1113f2208eb154f05c86a010d7c3112779643
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Feb 4 22:43:12 2006 -0500

    test case for eroute pfkey generation

commit 3dc738fa915b0f635ffdf9127e4077babe407e33
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Feb 4 14:42:28 2006 -0500

    synchronization of klips.git/openswan.git code complete

commit 6a6de929620f6a539aeacb114bbe1d4e565e3af4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Feb 4 14:26:26 2006 -0500

    additional synchronization of files between kernel and openswan-2

commit 6dbf6489e81c973794a45018e61a68b05c67ae24
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Feb 4 00:50:20 2006 -0500

    more edits for pfkeyv2.h merge

commit 35afe6fcc6e97f859d7b4fea67718c79707d4eb9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Feb 4 00:08:54 2006 -0500

    part 3 of pfkeyv2.h merge

commit ee3cb2e3bd41cd047faca9b4f3e375ec64d1a59e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Feb 3 21:30:09 2006 -0500

    adjusted prototypes to match printf()
    (cherry picked from a837ae45340aeff9ce242b9fd96f5649d5bdbec2 commit)

commit d0d1b5686368ee5274f201f6488493cb1ffc27bf
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Feb 4 00:05:46 2006 -0500

    part 2 of pfkeyv2.h merge

commit 4312c8f6cd3f94c89fc3107c90591d389b3256cf
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Feb 4 00:02:41 2006 -0500

    merge part 1 of pfkey work

commit b4264acca220e58914fa7ced8949b656c275ac5a
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Fri Feb 3 21:31:04 2006 -0500

    added 2.6 pfkeyv2.h file to tree
    (cherry picked from b5f85bd11e2527565a74fe56df92f57b1cc27856 commit)

commit 0d7b859ffcb4c9302b55e5f91ab5000caa60343f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 31 09:18:57 2006 -0500

    [PATCH] [PATCH] rename KLIPS' SADB_ to K_SADB_ and create some custom structures

commit af806961e537eccd5a1d249e45da208c6d57f86b
Author: ken <ken at cyclops.toronto.xelerance.com>
Date:   Mon Jan 30 11:50:52 2006 -0500

    Fix ipkg creation

commit 4b2e442d7146513bf20db0cb5dfbe803148473a3
Author: ken <ken at cyclops.toronto.xelerance.com>
Date:   Thu Jan 26 07:39:45 2006 -0500

    Update ipkg building scripts.  Remove freeswan control files, and support
    building as unprivileged user

commit 20f1c936d35357126ff0547d7fe39f2fd9fa6fb9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 25 23:38:08 2006 -0500

    [PATCH] [PATCH] create new ipsec_rcv_setoutif to determine where the packet will

commit 1f547cf89aee4982d778a70dc5c0c5b6aab48e1c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 25 23:29:53 2006 -0500

    new test case for originating cleartext packets from arbitrary devices

commit e4b000ee1e505cf3820f5c4d1777e5ee296b9b54
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 25 22:48:29 2006 -0500

    only report errors for the pfkey write if there is in fact an error

commit 2302539154ddd0c5a41ce514fdd3fea385c2208d
Author: ken <ken at cyclops.toronto.xelerance.com>
Date:   Wed Jan 25 22:17:55 2006 -0500

    Use new commits mailing list

commit 3a78851091bfd7f5951dbc3364f5554dcdc2e79a
Author: ken <ken at cyclops.toronto.xelerance.com>
Date:   Wed Jan 25 22:02:01 2006 -0500

    Fix email address for commits

commit c9ee7fbca4ed54e0882092c1214437d9cf25d785
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 25 11:46:03 2006 -0500

       XML version of man page

commit fec056d28c35f824eaa9da2d822a1720c58f0983
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 25 11:26:46 2006 -0500

    hand edited result of doclifter-aided translation of spi.8

commit 36d30c99576ace8007addd79cc4aa47c2e078989
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 25 10:49:05 2006 -0500

    added private update hook

commit d708667b318283bf54f5bb792a676ae4512d22a2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 25 10:42:40 2006 -0500

    changed post-update hook into update hook

commit fe82b159c3d8cbffb2b34d7481ad03c0b7475235
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 24 22:51:14 2006 -0500

    first argument is the tree

commit 8b2c6b20fc99d3230d5dbfa2aef71148b5631fbb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 24 22:49:19 2006 -0500

    let's try another commit to test ciabot

commit ff0740c2bec7db7606ed4e1a3108a5473116dfd8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 24 22:48:00 2006 -0500

    maybe this version of post-update hook works and comments in ciabot are
    wrong?

commit 20ae42fc09ce7ce1a1121ac6805977d3a7d68716
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 24 22:12:58 2006 -0500

    [PATCH] [PATCH] added protocol field for xform functions

commit 6f5bc202f0c63815bc07edbb234eb64d3dbf73f0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 24 15:00:11 2006 -0500

    [PATCH] [PATCH] final touches to mast0 as default receiver for packets

commit a87b308326e86cbddef81dbcc977f6bda9198686
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 23 22:20:16 2006 -0500

    [PATCH] [PATCH] create/delete for ipsecN/mastN devices

commit 0b75c12643de032b43c9761959514a54e61e1936
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 23 20:54:58 2006 -0500

    [PATCH] [PATCH] a version that keeps track of interface numbers indirectly

commit 1ce39b121ca347c4728e169496403aa2712df6f4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 23 20:25:29 2006 -0500

    [PATCH] [PATCH] added CONFIG_KLIPS_IF_MAX parameter to scale maximum number of interfaces

commit edf2d7200424a2c921eed5cd1a206e42d7fd6de0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 23 16:01:39 2006 -0500

    [PATCH] [PATCH] removed CVS $log items

commit 0f0067ee75c796045ea44d25a208adc43e470310
Merge: 2f1b31a 1402505
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 24 22:16:39 2006 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit 2f1b31a4b4c7ea4a662cc821b6d9f8ef364b3cbe
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 24 22:16:01 2006 -0500

    add missing /

commit 1f0909a6e78f53622f594596c9f73794b3548120
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 24 22:10:15 2006 -0500

    test of ipcomp decryption

commit 919fa151308664ad06694a8be6d5aff4e8de8823
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 24 18:57:33 2006 -0500

       fixed output for new klips and new tcpdump

commit 823452096f3d802d18d3b8b5b19263041877c5d0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 24 14:58:38 2006 -0500

    first test of packets being received on default mastXXX device

commit 140250523ac5a7fa9172a425a945295abbc20b40
Author: ken <ken at cyclops.toronto.xelerance.com>
Date:   Tue Jan 24 11:15:37 2006 -0500

    Fix for ipkg build with 2.6 kernels - use ipsec.ko

commit 2daacc0fb4e5167d15a3ec3f237c52abfd24903e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 23 15:28:30 2006 -0500

    added cia programs to track a git tree

commit 8eec5164cf05196e0596cc4bcedc3e004d837267
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 23 15:03:00 2006 -0500

    updated file from 2.4.5

commit 8fd66154dce730561a4d03551a0c49132df0a6ec
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 23 14:57:49 2006 -0500

    patches to examples from bleve

commit 0bd8c985aef30aee3cab39270ec86431bf9a3aa5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 23 12:31:59 2006 -0500

    [PATCH] [PATCH] use pfkey_required/permitted_extension interface rather than explicit reference to array

commit 122e51d2e26d34493b147b13c3c6fbe7415bba15
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 23 12:30:09 2006 -0500

    [PATCH] [PATCH] added code to send ESP packet out to world

commit 1a87ebe2f2a332fa67b878d951f06407355393f0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 23 12:29:32 2006 -0500

    [PATCH] [PATCH] replace #defines for pfkey with an enum. Added plumbing routines

commit f5d9f5fd3b87a37a6de717a0424aa5848063f41f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 23 12:28:54 2006 -0500

    [PATCH] [PATCH] change pfkey debug functions to match printf/printk

commit ded245d8a18535e4da9ace2f6e46fcf6afd2173a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 23 12:26:55 2006 -0500

    [PATCH] [PATCH] refactor sending code into ipsec_xmit from ipsec_tunnel so it can be reused

commit f5d3f8b9d69a8e2179850ab6860786a7118d5260
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 23 12:25:30 2006 -0500

    [PATCH] [PATCH] add pointer to xforms for processing (use later)

commit 17744ca33110c0724e36e9362b8e5b38263511d8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Jan 22 14:43:26 2006 -0500

    [PATCH] [PATCH] refactored pfkey_sa_ref_build() and friends to use a structure of

commit a71c8f611ef07e675121fd03956de729c8dc537d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 18 19:54:07 2006 -0500

    [PATCH] [PATCH] replace sprintf/get_device loop with a loop that just looks through

commit c61e02437336aee9201c368501c3efe36214b18d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 18 11:23:14 2006 -0500

    [PATCH] [PATCH] after refactoring to remove ips_onext/ips_inext and turn SA list into

commit ccc8d4d2018ce71ddd3bdc34c3b5d0e5ec0ea2cc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 17 21:44:26 2006 -0500

    [PATCH] [PATCH] look up SA once when starting the decapsulation operation, and then

commit f3e4b4bf06ab7f405cd55e74bc45169092fc0133
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 17 19:27:27 2006 -0500

    [PATCH] [PATCH] removed CVS log files

commit ca84b434769cd0c98e4591dc82d72c5c5d8be905
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 17 19:27:06 2006 -0500

    [PATCH] [PATCH] refactored ipsec_rcv_decap_lookup to make it more clear where we

commit cae0c48afb2e80b6ec06ba7e62c5128dc5d7d33f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 23 12:14:15 2006 -0500

    logic and documentation added for creating and deleting virtual interfaces

commit 3af50017dab88d2c657eeb078b01914a387c8db6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 23 12:13:14 2006 -0500

    refactored to use pfkey_open_sock_with_error() from pfkey_help.h

commit 3e12cf5f80b0b26bc02e0aedf7a2d3aad7fc9593
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 23 12:10:24 2006 -0500

    make sure to initialize pfkey error logging routines

commit 736c8052a37fba9eb0ad70f595429a3eb91c95bf
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 23 12:08:15 2006 -0500

    added pfkey_help/pfkey_sock code.
    Also use KLIPSINC as variable, so we can point to running kernel

commit 36cc61b48be9b77f7db7ae02febbcd20d2682f85
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Jan 22 21:25:50 2006 -0500

    force the mtu on the mast0 device

commit 6d91d38d9da2b3ed0d7605c3ab6c5064ebb55c7b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Jan 22 21:25:21 2006 -0500

    comment out arp stuffing

commit a1dd6436edb48df37de0a20a27d9b33024ea3bd9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Jan 22 18:50:30 2006 -0500

    outif pfkey refactoring tests pass.
    this is first run with refcount bugs fixed, and this output has proper
    reference counts

commit 03ed2755e279693abe550dce05f298c3e7d74b57
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 18 23:27:46 2006 -0500

    added new --outif=XXX to set interface to arrive on for inbound SAs

commit a39fcb052c866fa388f2b8d8a991244797edd8a7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 18 23:25:37 2006 -0500

    use less confusing pfkey_sa_builds() function instead of pfksy_sa_build_ref()

commit 1e6099d33904ce9ea5637402ebb956ccabb48635
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 18 19:09:58 2006 -0500

    test case for receipting traffic using the mast device

commit 124fa39ca2dee3fd9af7a7a3be77f6b719bd7447
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 18 16:36:14 2006 -0500

    if there is an error from uml_mconsole, ignore it

commit 34bfed4d0d6e9155b3b19c49b63a891e6b58ad6f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 18 16:34:52 2006 -0500

    clear up looking for arpreply

commit 1b346e46e35ba2baed038249e3e14d470bcab5e4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 18 16:30:24 2006 -0500

    added additional argument to setupplay, to hold additional options that
    might be needed (localswitches uses it)

commit 3ee7676866615869fdf2589208ec0656f663b045
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 18 16:28:28 2006 -0500

    when using ontick, if we run out of packets, then rewind the file and
    start again

commit 7cee315b4455df5d735dca9a694849fa2f705bb0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 18 16:26:38 2006 -0500

    saref is not printed by default

commit 8fcb28fe37b61f76bb110cec6c4bc7bdb63c457d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 18 16:26:16 2006 -0500

    refactor process of exporting variables into "export_variables"

commit 50673526c3ab2431a8949bfbcd12a43c09f2721b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 18 16:24:52 2006 -0500

    localswitches should set things up to replay the packets that the test
    case specifies, using the "ontick" method

commit 95916b58c0e168fc54095b758d4c1d69d01f1941
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 18 16:24:04 2006 -0500

    add virtual console devices to udev list

commit 6de99d09f60faea64781a19778f925080a19d3ca
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 18 16:23:39 2006 -0500

    split up uml testing text into more documents that are easier to maintain

commit 28aed353ad445bf8a8e01b38ef7ab55d62b395e1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 18 16:23:08 2006 -0500

    it seems that the arpreply code was not properly being invoked, so
    no data came out when it should have

commit c2ef0c84df2bf1d626e6a6c008a477de38415a8d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 17 11:23:17 2006 -0500

    added rfc4322

commit e0a3e727e32d030260d7768ace2e765dabbc9b87
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 17 11:22:25 2006 -0500

    removed OE draft, now published as RFC4322.txt

commit 924b2216a8570fedf0a43501a9ee2931957eaf9b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Jan 14 11:49:53 2006 -0500

    added test case for aggressive mode + certificate transmission

commit a3eb851e2bcc72c2997167b697840f11728b6821
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Jan 13 09:23:58 2006 -0500

    added VIDs from Sonicwall OS standard

commit 7e487cc41b5d5518cb90a0fea6475e4423dfa2e7
Merge: da241e7 f029ad2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jan 12 21:21:21 2006 -0500

    Merge with /mara6/openswan/public.git

commit da241e78d390c0a24a142cefc47496bc253b71ee
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jan 12 20:23:57 2006 -0500

    deal with the klips.git tags properly

commit a784a60a19a1e89442341d66e986ea2d6eb24121
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jan 12 20:23:31 2006 -0500

    remove unused variable

commit f029ad22e26023575a27b1400a2d0e133ca28043
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jan 12 20:22:16 2006 -0500

    this udp.c patch works on 2.6.13

commit b38b6b1fcf26d7b3d743898225fbba7becc25065
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jan 12 17:46:11 2006 -0500

    update plain 2.6 config file to include PPP

commit 1727b239b3d277f70d4d0054f441a0fe15ba8685
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jan 12 17:46:01 2006 -0500

    set leftnexthop= for OE conns

commit 6b24b8e288224a3a16c6f9ef054b4cea6a3cd42e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jan 12 17:45:42 2006 -0500

    remove no longer useful CONFIG_HIPPI line

commit c06a2c646a4688eef949057ece71433197ba7308
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Jan 12 17:32:41 2006 -0500

    now that nexthop does not default to %defaultroute, we must set it
    explicitly for OE conns

commit ecf9fc8329e071150149ba7c94b97212101bdaea
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 11 22:15:28 2006 -0500

    removed duplicate sysctl_ipsec_debug_ipcomp definition
    (cherry picked from c136b29ac9a31bd3c5549cfa3fb0896189f0e079 commit)

commit c136b29ac9a31bd3c5549cfa3fb0896189f0e079
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 11 22:15:28 2006 -0500

    removed duplicate sysctl_ipsec_debug_ipcomp definition

commit a8b853bd6a61279555b3ebb33c4fc226c09b0380
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 11 22:08:10 2006 -0500

    new header file

commit 7fbcf672ad988f49dee5effab09d8225fcecb77a
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Wed Jan 11 21:25:22 2006 -0500

    uml kernel configuration for plain kernels with 2.6.15
    (cherry picked from 3579dccef39c5c22d088e7b6113a26e49d873aa3 commit)

commit 3579dccef39c5c22d088e7b6113a26e49d873aa3
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Wed Jan 11 21:24:24 2006 -0500

    uml kernel configuration for plain kernels with 2.6.15

commit fb9c6a8ecfe77af846c974d1b8680945c4572dc1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 11 21:09:57 2006 -0500

    uml config file updated for 2.6.15

commit 336044fde74c3fcc1413b3295349544dff1eaf13
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Jan 11 20:27:52 2006 -0500

    added 2.6.15 kernel configuration options

commit 719f077d8d41f137e6d29f36351ab357917cb60e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 10 20:24:47 2006 -0500

    adjust kernel git pull routine to not dump patch, just stop after applying
    each patch set

commit c553d8513b2b058f63ef1123f43e682379b956e4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 10 20:17:26 2006 -0500

    the final 2.6.12+ udp.c patch (I hope)
    (cherry picked from 100e43c32f1f44f1c7a471da5c0f8dae5af12a85 commit)

commit cd4162d96d565523846aec37ede2b23fd89fb23f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 10 20:24:10 2006 -0500

    enable PPP options

commit ca27919e5399ac98a8fc1d7bcbe6349cdee3e365
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 10 14:43:27 2006 -0500

    test nat-t udp.c patch
    (cherry picked from 8d9b46fac1f64ee2e7bc090da9f8899178642b60 commit)

commit 455bc6a0cf925767afbcae792f821d5c1764ab4b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 10 14:31:33 2006 -0500

    include CRYPTOAPI config option for 2.4, now that 2.4.29+ has it
    (cherry picked from 8d3f9cd695ef7ca5a935aad2934ea56a4e42a897 commit)

commit dc67c25808cedd4028aba7025282c6fea1e9ea3c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 10 14:31:19 2006 -0500

    updated nat-t patch to be 2.6.13/14/15 happy
    (cherry picked from 3384551effe3fa7247b66a01efb4e09a36871fdb commit)

commit 100e43c32f1f44f1c7a471da5c0f8dae5af12a85
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 10 20:17:26 2006 -0500

    the final 2.6.12+ udp.c patch (I hope)

commit d9a2f60dfccf4c305325fbed253a7f5f4f6393e6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 10 20:06:50 2006 -0500

    updated kernel configuration for plain UML to 2.6.15

commit 590a21ba53b768f654ac596ddad3b29e76db90f3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 10 20:02:39 2006 -0500

    remove redundant definitions of debug variables

commit 8d9b46fac1f64ee2e7bc090da9f8899178642b60
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 10 14:43:27 2006 -0500

    test nat-t udp.c patch

commit 8d3f9cd695ef7ca5a935aad2934ea56a4e42a897
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 10 14:31:33 2006 -0500

    include CRYPTOAPI config option for 2.4, now that 2.4.29+ has it

commit 3384551effe3fa7247b66a01efb4e09a36871fdb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 10 14:31:19 2006 -0500

    updated nat-t patch to be 2.6.13/14/15 happy

commit e4d9dbb7725f5bf89fe8f50d582eab616d6849ea
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Jan 10 11:12:21 2006 -0500

    [PATCH] [PATCH] remove duplicated ipsec_mast_send

commit eea68213d463c835707f1c3cd909717ba2254d09
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Jan 8 15:32:55 2006 -0500

    [PATCH] [PATCH] packets that arrive on a mast device will select an SA based upon nfmark/saref

commit e9769a251525bcb3bfe7512632816b06ee2ae604
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Jan 8 15:31:34 2006 -0500

    [PATCH] [PATCH] refactored saref code to permit absolute SAref values to be provided

commit 7490cc599eda35e1089ef5445d65e49792aefd90
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Jan 8 15:15:23 2006 -0500

    [PATCH] [PATCH] remove onext/inext confusion --- just use singly linked list

commit f62fa9aafa8557cadca4b6dcd3bdae3ebcb9ea23
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 9 14:58:25 2006 -0500

    added cryptoapi configuration line
    (cherry picked from 734278a51f9c7b80386ed1d645b6f200c51d3f0c commit)

commit cbd5f33d873741c2f74f8bee8dc0b128a2080015
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 9 15:00:13 2006 -0500

    update to klips-git -> openswan conversion script

commit 734278a51f9c7b80386ed1d645b6f200c51d3f0c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 9 14:58:25 2006 -0500

    added cryptoapi configuration line

commit fc075097963dc4998d8364b50b396eac67ab9d4c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 9 14:57:48 2006 -0500

    rename console file

commit b1a3a4cbd765f0915a3397a552e266abc05bfa8f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 9 14:57:24 2006 -0500

    refactor --arpreply functionality into klipstest

commit 17fb770bd7c4c51e50dc4349844d75ed5f1c821d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 9 14:47:28 2006 -0500

    new test case for mast0 device output based upon nfmark

commit b4db3374a23791e7f7243ef7126ba39cb2004fd2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Jan 9 10:37:44 2006 -0500

    remove CVS log

commit 69467275d670d1903fc18a578367fd7c6f34f90a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Dec 28 01:06:42 2005 -0500

    [PATCH] [PATCH] further adjustments of saref counting code --- spigrp dump needn't take references

commit ad696f5bfb5cc7823a64181e541756709901e2ad
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 27 23:27:52 2005 -0500

    [PATCH] [PATCH] switch from ipsec_sa_delchain -> ipsec_sa_rm, remove ipsec_sa_free(),

commit 0807f31aac69e49e9a2aa748bb27c844938daaa1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 27 17:11:19 2005 -0500

    [PATCH] [PATCH] do not call ipsec_sa_wipe() directly, rather use ipsec_sa_put() from pfkey routines

commit 51cb231fe1fe01a4fef082aa1726c11e20ebb547
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 27 16:12:35 2005 -0500

    [PATCH] [PATCH] removed CVS log lines

commit 72a8a1e4ab1b2ba778a822bd7a17eec6a2e946f3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 27 23:18:11 2005 -0500

    update KLIPS test cases for new saref code

commit 4f2340dfa91b68fcbe8c6dc791149283f85b89f0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 27 18:44:47 2005 -0500

    further adjustment of test cases to deal with new reference counting regime

commit b1f9ea7361a24030119ab5a42d7afec2f54a2301
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 27 18:41:04 2005 -0500

    updates to saref test to deal with new reference counting regime

commit 9be582e99c60a9099f040f42f6cd12dbc55a6426
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 27 15:02:51 2005 -0500

    [PATCH] [PATCH] use new sysctl.h to get debug variable definitions

commit 626c5685133945a34e7a9c64f0ace6daf036f34b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 27 15:02:18 2005 -0500

    [PATCH] [PATCH] make sure to decrement the right SA count in xmit routine

commit 80521bc4765f2b5d8a05d2cbf9e061308c58b4e8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 27 15:01:42 2005 -0500

    [PATCH] [PATCH] ipsec sa processing changed to use reference counting better

commit 103ef1caaee6eac6d430d4e52d916400e1014922
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 27 15:00:28 2005 -0500

    [PATCH] [PATCH] remove duplicated debug variables

commit 455fbc94528c914bc4e184a0bd71d62ae3276773
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 27 15:47:22 2005 -0500

    introduce mast0 device for use by KLIPSng routing system

commit d34213ba190561d674d1dfcadc01d43cb1f2e8a4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 27 12:54:41 2005 -0500

    added debugging of reference count process to SA allocation code

commit c2c01d674d0aeb3adee98d02165e8d10408722ec
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 27 11:12:28 2005 -0500

    ignore rcookie failures as well as icookie failures

commit f0d0f690e92a8e052fdee3ac214fc167531b3f4f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 26 23:41:22 2005 -0500

    adjusted unit tests to now intern the SA before using it

commit 2195e94169b7e05c2d069ad1cbd69d181d501ed1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 26 23:17:10 2005 -0500

    added NFmark->SAref calculation regression test
    use /mara1/git/klips as source of code --- this requires that we symlink
    into the KLIPS headers, because we don't want the rest of the kernel
    headers, but rather the unit test ones

commit d561d2d030d84be85cd812a8c7132d0466d8d386
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 26 22:18:08 2005 -0500

    changed SA ref processing to permit userspace to specify SAref values.
    Changed the SAREF NULL value to be 0, (was ~0), so that unspecified
    values can be allocated automatically. ipsec_sa_wipe() and ipsec_sa_intern()
    try to take care with ips reference counts.

commit 546a52b2efd287b8cb21613941566d9888feaac7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 26 22:12:02 2005 -0500

    test case for SA reference allocation

commit 00815e33276cc9185145aa7b475a992ab0843c23
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 25 17:18:27 2005 -0500

    introduce KLIPS_ERROR function to print error messages

commit 117f45eab123407495b21eabe22d0bb0061677f0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 25 16:49:31 2005 -0500

    failure to allocate a device is not debugging

commit 3e0c35cc0ffe0133438d1f0ef31bb8d400423d91
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 25 16:37:53 2005 -0500

    added xmit and mast debug variables

commit 85b6116e1ab873836b8c426ffe800ab72b581910
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 25 16:37:17 2005 -0500

    remove very lengthy CVS log entries

commit 40e9d842cbc3f8cbf49fb3b721bf4725e73095d8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 25 16:37:00 2005 -0500

    move ipsec_SAtest to kunit

commit 854476e8169f2a7d291319380682bc1e313595b4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 25 15:42:13 2005 -0500

    removed bogus file

commit d692aa8329dd4661d27abf56dab1386c1153f5dd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 25 15:41:01 2005 -0500

    reorganized debug flags to live in ipsec_proc.c to permit unit tests
    to more rationally deal with the need to define debug variables

commit 52e7064e9f772955e52cba8d0f7cf9970ac27534
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 24 16:51:50 2005 -0500

    added all debug flags

commit a8ece079cb601abd70f5d83f9c1d361a7e4e38ad
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 24 16:16:12 2005 -0500

    moved all debug variables to a common header.
    in kunit tests, declare all of the debug values in one place

commit 29f2155ece3af59d3ddcb8677bc55531e03e916e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 23 23:30:21 2005 -0500

    adjust xml man page to have spaces between "ipsec" and "klipsdebug"

commit 2efdc455909f2305f53b7f61f28e9ef157b83977
Merge: f55b342 9e11563
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 22 22:20:21 2005 -0500

    Merge with v2.5.0cl

commit 9e115634bf0e486d1be3ea6e376ae60cc2e766fd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 22 22:09:19 2005 -0500

    the TPM call out has to be done after the HASH payload is inserted, but
    before the HASH is actually calculated

commit da3a1013fb2fcb6d8fe91b7355c21ac2d016fd31
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 22 22:08:50 2005 -0500

    test case 4C is still a bit unstable, but in works

commit 6e11e061b3ae0b504770f71d9a46ee542bbfe34e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 22 22:08:09 2005 -0500

    drop ICMP error notifications --- they aren't deterministic

commit 28854ce878f3057bb07709b4647d9a3bc4874bb4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 22 22:06:22 2005 -0500

    make sure that VID can be inserted properly into a payload that has nothing
    in it yet.

commit de2565fd5105cc0f62beee1e20a5a9d1b6b40555
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 22 21:45:52 2005 -0500

    pid-sanitizer

commit 7af8a9d99c7b9a502a6f2599af5d56cecddc74c7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 22 18:22:03 2005 -0500

    removed control debug messages and changed order for westinit

commit a3b7518dd652656691597f48ce29bcb06d72b9d1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 22 18:10:21 2005 -0500

    added pid-sanitizer and remove notes about extra debugging

commit 9dc1adb8dcf489132024aa22f919c5e808d5874c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 22 17:36:00 2005 -0500

    when we are told to --listen, flush stdout and stderr, so that any logs that
    happened to be waiting are output at that point.

commit 369fefac54e3dafa0eea37583d3b38677ba27e0e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 22 17:35:25 2005 -0500

    when running each script for a test case, log this fact to each of the UMLs
    and then sanitize the logging out of the result. This makes it easier to determine
    if things ran in the right order

commit 061be407b8559d451303f4c1ee88fe378fc7af5e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 22 17:34:20 2005 -0500

    import USE_ variables from Makefile.inc so that testparams.sh can test them

commit 6c755a6d09ef2a726d9c107b79eaaf3eeb7118ff
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 22 17:33:53 2005 -0500

    export all of the USE_ variables from the Makefile, and make sure that "make env"
    outputs values in a way that can be used to set shell variables

commit bec480ce802a47205f1890da656680d13cef0bb0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 22 17:33:13 2005 -0500

    test case can be different depending upon settings for USE_NOCRYPTO

commit 13dc272ad3704a8f26242325636e255266e7995d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 22 17:32:32 2005 -0500

    adjust the test case --- make sure that west actually runs the test during phase 4a.
    on phase 4b, we corrupt the outgoing message only once so that west doesn't give up.

commit 48045812cdcd6b4f72b48423e9de4b9fba8a003b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 22 14:48:11 2005 -0500

    stabilize the test case by adding echo done on west side

commit 489c86437f775d9e00cc9e6b48ad89ca85d9843c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 22 14:14:14 2005 -0500

    attempt to stabilize the test case (failed)

commit 36e8953f98269cdc07ff996de6c89fd6df895099
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Dec 21 13:59:09 2005 -0500

    when building oid.[ch] we need oid.txt
    (cherry picked from dd8b49e4cc104c823784f9707a4d5728aa031c66 commit)

commit 1def3c67a364b74ee1e381839582898b32618adb
Author: Michael Richardson <mcr at gimli.(none)>
Date:   Wed Dec 21 13:52:28 2005 -0500

    fixed typo by MCR
    (cherry picked from 7400a0eb6ff5c525054b8b8b2a11c4c06167619d commit)

commit 93269336c39c61cb7cb61e3b61d76b795ae7c420
Merge: 2ef6b66 5ddf5a3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Dec 21 00:57:01 2005 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#l2tpd

commit 5ddf5a32776e9906bdedf3cb976f9848b9b37835
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Dec 21 00:03:36 2005 -0500

    do not force POLICY_TUNNEL when there is a client, because it might be
    in fact a vhost behind a NAT

commit dc921a9e6bd820ad443dc445cf44b10466f6100e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 20 23:43:34 2005 -0500

    zero natd in the case where we don't detect the peer is NAT'ed

commit f7cc6e0f45def485f6200993c4744357cd916aaf
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 18 18:03:56 2005 -0500

    do not copy certain files that are generated when updating openswan git
    tree from klips git tree
    (cherry picked from da3ee725be4228a5e29579a8b62f64a206c6684b commit)

commit 97dc024e403677b0d59e69fdc463affa5446a22f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 18 18:04:08 2005 -0500

    include /dev/ptmx in the devices that are created
    (cherry picked from 2ef6b66c587597d01f6b84325ae3d0b29ae4bf87 commit)

commit ecbe234bea4c582d19d272b3832b6615cf8e8c0e
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Dec 15 11:59:09 2005 -0500

    Only set st_natd if we found_him (NAT_BHND_PEER)
    (cherry picked from d079a3400ccff270a5df339867023375374ff4e1 commit)

commit f5c2f57352605912ff3430596fd4e329bad69d84
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 20 23:14:01 2005 -0500

    log if transport or tunnel mode is negotiated

commit 885a999be0eed732677ebed41f048ab2e1232aaf
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 20 23:12:58 2005 -0500

    when decapsulating transport mode packets that have had NAT applied to
    them, restore the origin address of the packet from before the NAT.
    When encapsulating transport mode packets, and applying NAT encapsulation,
    make sure to set the destination address to the outside of the NAT.

commit 0f34c639159acd2271ff363e69d6605ae0982b03
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 20 23:09:34 2005 -0500

    make l2tpd test cases more deterministic

commit 5b31bfc87f77bf2ec66e4e3eb9e8fa42838bc44e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 19 16:06:12 2005 -0500

    updated version to 2.5.0cl8

commit a20bb2929a43ed4da98a98873f8cb69664cffbb6
Author: Michael Richardson <mcr at gimli.(none)>
Date:   Mon Dec 19 15:56:41 2005 -0500

    use positive #ifdef to get appropriate behaviour on desired
    platform, rather than negative terms
    (cherry picked from 85f3e4c7185a4956d0158129f9fde0ddeb14f455 commit)

commit f7fe9cef004c660cd58fd4a38f30e0fa869eb927
Author: Michael Richardson <mcr at gimli.(none)>
Date:   Mon Dec 19 15:52:16 2005 -0500

    adjust oid code to be more happy with gcc4
    (cherry picked from 21fd642a41ecd6eb2f615676d469e33915648741 commit)

commit 2ef6b66c587597d01f6b84325ae3d0b29ae4bf87
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 18 18:04:08 2005 -0500

    include /dev/ptmx in the devices that are created

commit da3ee725be4228a5e29579a8b62f64a206c6684b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 18 18:03:56 2005 -0500

    do not copy certain files that are generated when updating openswan git
    tree from klips git tree

commit 1d95423a201f7de9574795959dcb96a6aaf27dfd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 17 22:51:40 2005 -0500

    some progress on the transport-mode mast0.

commit 5f9e97fb38a7aeb6b11ca2bbf59b9a339ace577f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 16 23:45:10 2005 -0500

    l2tpd branch is not yet ready for libipsecconf

commit f7bb5b28d5b66ea1ea66c2008ac1023011204abd
Author: ken <ken at cyclops.toronto.xelerance.com>
Date:   Thu Dec 15 11:48:53 2005 -0500

    Fix missing '

commit 5fa2bc1a8134501fe516ad721198e8a8461fd902
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Dec 14 10:08:26 2005 -0500

    addconn.c compiles --- this is still a skeleton

commit 1afc267b19e4a2f97a066aec15410bbbc061290f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Dec 14 08:17:00 2005 -0500

    first cut at eliminating awk (use starter) from auto processing.
    moving this to twokeys branch, because we need new configuration file
    location processing
    (cherry picked from 515a28a8e57e318830c7b88d18da227114a53866 commit)

commit 46da32a2f9c371cca2edaeb21244b2ad359ec298
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Dec 14 10:06:23 2005 -0500

    adjustments to make libwhack rework work in tree
    (fix some circular dependencies among libraries)

commit f7039071a8afe32ec4b2635cff5bd1260b1fdab5
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Wed Dec 14 10:05:45 2005 -0500

    refactored starter into libipsecconf to permit auto.c to be written
    (cherry picked from 89a02cb7ebd675b7aa2c5bc4ed7176150ff08500 commit)

commit 7c4d56c38185109734b14d388179a247f04e1133
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Dec 14 09:47:09 2005 -0500

    updated lib/Makefile to include libwhack, updated .depend file

commit d6b4687a27ab6b7380b04363a8840c9f0b8326eb
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Wed Dec 14 09:45:11 2005 -0500

    move whacklib to lib/libwhack
    (cherry picked from a61a1eedbb8c199a30768b4c4a28b846f2b1c7ba commit)
    (cherry picked from 2051ab4472896151e3276686826cba6f150c83d2 commit)

commit 89a02cb7ebd675b7aa2c5bc4ed7176150ff08500
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 13 22:10:00 2005 -0500

    refactored starter into libipsecconf to permit auto.c to be written

commit 34b80b9e34613df03681ca83286f87333b6b4d9f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 13 20:14:31 2005 -0500

    This is a work-around for this in openswan, that relates to MS 818043 NAT-T
    Update. I have added code to indicate if this work around is being used.
    However, it isn't enough.
    
    What this patch attempts to do is to use the NATOA address as the
    IDcr, if the IDcr has been set to FQDN.

commit c5eb54951ce615ce5e6e475c447c1165043c62f4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 12 23:23:29 2005 -0500

    prepare for next release

commit c728510dfb0482d863b2ec56667c40b9619d8702
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 12 21:29:34 2005 -0500

    updated CHANGES

commit f55b34251c1c0cb39207e9ca9717b5fcc4ef4314
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 12 21:21:17 2005 -0500

    stabilize the whacklib from changes due to virtual ip options.
    Even if we should build without virtual IP support, do not change the
    format of the whack message
    (cherry picked from f91050a51439ce195bbfb802ea2742082fe427b5 commit)

commit 0ba928ef3ed94b6103a09cb2dba097c9d5e68e61
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 12 21:19:28 2005 -0500

    adjust makefile so that we can depend upon the generated libraries properly
    (split non-generated -llibs out in the variables)
    (cherry picked from 830a784abc894b48899fdf02cbcf9424b5023452 commit)

commit c088fe844ede8c319540dbc37f997fecdef3eb0b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 12 21:19:04 2005 -0500

    set the received message to zero, to make sure
    (cherry picked from e913da556ab8f7bfc51a40ec656d30a45ca29648 commit)

commit f91050a51439ce195bbfb802ea2742082fe427b5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 12 21:21:17 2005 -0500

    stabilize the whacklib from changes due to virtual ip options.
    Even if we should build without virtual IP support, do not change the
    format of the whack message

commit 830a784abc894b48899fdf02cbcf9424b5023452
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 12 21:19:28 2005 -0500

    adjust makefile so that we can depend upon the generated libraries properly
    (split non-generated -llibs out in the variables)

commit e913da556ab8f7bfc51a40ec656d30a45ca29648
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 12 21:19:04 2005 -0500

    set the received message to zero, to make sure

commit 338455ccd4e8c4a24fb505ab0b975ee668802857
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 12 21:11:28 2005 -0500

    change version to IPSECBASEVERSION so that we can add to it

commit 5b18def7dcd6620f7dab29855ddf3b49c1229d9e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Dec 12 21:11:05 2005 -0500

    updated changelog for 2.5.0sbs4

commit 8d60106889251483965a4e19dd54c9e8dcbbfa15
Author: ken <ken at cyclops.toronto.xelerance.com>
Date:   Mon Dec 12 19:11:40 2005 -0500

    Add new libwhack dir to SUBDIRS

commit f0a6458f88ca2dcacf6b734cc59a8ac412ebace9
Author: ken <ken at cyclops.toronto.xelerance.com>
Date:   Mon Dec 12 19:09:30 2005 -0500

    Remove bad merges

commit 12dd09184c5e4b3ace2f0f76d30b87bf84608a65
Author: ken <ken at cyclops.toronto.xelerance.com>
Date:   Mon Dec 12 19:07:21 2005 -0500

    Add new libwhack dir to SUBDIRS

commit c773fb4326237baad9a63e534f4aa889ea760d4f
Merge: a219984 88da244
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 11 22:07:57 2005 -0500

    Merge with /mara6/openswan/public.git#public

commit 88da244390a71d1e578579f8a8f1ef55f95cd319
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 11 18:12:50 2005 -0500

    fixes so that starter will now compile
    (cherry picked from a219984940286bcf89f98a0183436c210915ce0f commit)

commit 83e37d9b0b0d675e69e53158842161a194eac7a8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 11 18:12:36 2005 -0500

    repeat adjustments for Makefiles that are caused by Makefile.program updates
    (cherry picked from 34599a0afc7ad003c92803b1c68e8b7d6fd2eb5e commit)

commit 2051ab4472896151e3276686826cba6f150c83d2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 11 18:08:08 2005 -0500

    move whacklib to lib/libwhack
    (cherry picked from a61a1eedbb8c199a30768b4c4a28b846f2b1c7ba commit)

commit a219984940286bcf89f98a0183436c210915ce0f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 11 18:12:50 2005 -0500

    fixes so that starter will now compile

commit 34599a0afc7ad003c92803b1c68e8b7d6fd2eb5e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 11 18:12:36 2005 -0500

    repeat adjustments for Makefiles that are caused by Makefile.program updates

commit a61a1eedbb8c199a30768b4c4a28b846f2b1c7ba
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 11 18:08:08 2005 -0500

    move whacklib to lib/libwhack

commit 0e98f887733f56e01f43f96369776aeb35c48909
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 11 18:04:55 2005 -0500

    de-conflict-ize the Makefile.ver

commit 602fbd066857a527af04b1f2ff144069516a1843
Merge: 592bfd7 8883827
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 11 15:58:44 2005 -0500

    Merge with /mara6/openswan/public.git#public

commit 888382781c5ddd9c91344b2d826983d0b4b3e352
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Dec 11 15:56:56 2005 -0500

    adjust makefiles to work with OBJDIR version of Makefile.program

commit e695b9d16694315681c559b432c93f1eed2fdbfc
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Mon Dec 5 07:59:55 2005 -0500

    switch to OBJDIR if it is defined
    (cherry picked from 482e312c2087caf94abe02e1969eea43509cfaeb commit)

commit 592bfd7ae9ad83001c348b6c3ed2aaa8f0aef97c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 9 14:53:42 2005 -0500

    When a template conn is instantiated for a phase 1 configuration, it
    may still need to be adjusted to a virtual IP address. In addition, change
    the order of the virtual IP address setting and the port-wildcard processing.
    This patch also provides some additional debugging of the proposal which
    is actually processed by the machinery.

commit 49c97d49e88533ce65e713488b80f249ac568c10
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 9 14:49:51 2005 -0500

    This tests an X.509 L2TP configuration --- 2 clients behind the
    same NAT with certificates that need to have their connection both
    instantiated (in phase 1) and virtualized (in phase 2).

commit 9e04b68dccf0b224ab8f30e1bdbc74968e234755
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 9 14:46:58 2005 -0500

    adjust console output for l2tp test cases

commit 888368fa18f97db6808575308b42cd2ebd959b3d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 9 14:46:18 2005 -0500

    move definition of CONN_BUF_LEN to connections.h and prototype format_connection().

commit ebc08d81a6631b1cb7b1c2789fce3caf2fe492e2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 9 01:03:24 2005 -0500

    put a space after the program name in the openswan_log() for tools.
    if the passphrase is provided, do not prompt.

commit c82edaab4e369df48cdfeac337f7b800d4bb3388
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 9 00:35:49 2005 -0500

    adjusted version

commit 093065df88170356d48b7ed09ff4d19d1142822b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 9 00:34:43 2005 -0500

    minor adjustments to pbs and test cases

commit 02cc1505a9098f9c1bec875818f6affdf3ba139f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 9 00:33:38 2005 -0500

    make sure to compare against -git version

commit 7b5b2bc15c04bffbe8a50b4d2da32e858dc31b91
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 8 22:49:26 2005 -0500

    adjust test cases to run consistently -- make sure that we shutdown properly

commit 0ff710cdcf780a733f22936efbac62909037ed80
Merge: ff01920 dd29fd0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 8 20:53:31 2005 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit ff019205bfbfa9b29e4072e8e0ded756861bad8d
Merge: ccd1709 dd1852a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 8 20:53:06 2005 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit dd29fd0749ed6142ab74c4d0d2c71e67e50e875e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 8 20:51:07 2005 -0500

    added sanitizer for PID files

commit dd1852a5bb4f9fc4a83cebaaa0fb84ffb8c9d8b7
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Dec 8 20:25:02 2005 -0500

    This fixes an issue with IP Compression reported by Astaro.
    
    When kernel_alg_makedb() is called, it returns a proposal of only 1 element
    instead of 2 elements.  It should contain both ESP and IPCOMP proposal items.
    
    Instead, we call  sa_copy_sa (sadb, 0), which returns both proposals.

commit b80ef4c28fe6eae317cbc6eb92616d71f13f64ad
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 8 20:16:44 2005 -0500

    first linkable version of showhostkey written in C

commit a384f45c4b5fc5ce4b81538b944e21033dd1ff58
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Dec 8 20:16:07 2005 -0500

    If nat_traversal=no in ipsec.conf, PSK-based roadwarriors can not be established, regardless of whether
    NAT-Traversal is needed or not. The reason is that the PSK can not be located.
    In the log file you will see:
    
    Can't authenticate: no preshared key found for `192.168.5.80' and `%any'.  Attribute OAKLEY_AUTHENTICATION_METHOD

commit 4a4fde34796911b4fd82f0f36fd29ea548f9fddd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 8 20:14:36 2005 -0500

    fall out of moving some code around and some prototypes around

commit e43fc896790d37abaef0094a725b89b33f763ed1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 8 20:14:08 2005 -0500

    rename pluto_endian.h to oswendian.h

commit c8c53ca0018bf8d1baf440f4aacfdec95eecc4b7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 8 20:13:50 2005 -0500

    moved pgp.c and oid.c to libopenswan

commit 7b3d835916349660b8b2cfed74c66ae22cf22e37
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 8 20:12:48 2005 -0500

    moved md2, md5 and sha1 to separate libraries
    (md2 is used in old certificates)

commit 5a0626517900ae0e16e17c7a1d06b7ecf73e68d5
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Thu Dec 8 17:15:29 2005 -0500

    many files were moved from programs/pluto to lib/libopenswan such that they could be
    compiled and linked against other utilities. The specific goal is to make the
    ipsec.secrets parsing available to showhostkey.
    Likely many files in lib/libopenswan will be refactored some more, and some will
    move into libcrypto (md5/md2/sha/rsa).
    This code has been verified against basic-pluto-01, x509-pluto-01.
    psk-pluto-01 fails due to a failure to find the right secret. This will be further
    debugged with a unit test case.

commit c862020afd4d7ff3a0449a0cde1eaa4789be2031
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 8 11:28:36 2005 -0500

    updated version

commit dd4eca0b002b111abc61b43790b3dd394a274313
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 8 11:23:13 2005 -0500

    a virtual ip that is in conflict with a conn that can not be negotiated is
    not a conflict
    (cherry picked from 9b069be1e2b438041d4c41075c4001e565568e2e commit)

commit 68f0780b8c7ea3f0409b77ba547eb9c5d0e76a2c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 8 11:22:46 2005 -0500

    simplify rnd.c --- remove /dev/random
    (cherry picked from ed3044e3a989538ec84f0975b785fa1a27fb9cba commit)

commit d5e92acb3a3e900430a273d42ba55e744fe5945d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 8 10:32:34 2005 -0500

    be smarter about including git version info into version

commit 263981f7642e9b226e1a96edfecd6907dfe25a00
Author: Ken Bantoft <ken at xelerance.com>
Date:   Wed Dec 7 19:17:56 2005 -0500

    We need to use /dev/urandom first, as it has more random than /dev/random.
    Otherwise, we run out really fast (within a few minutes)

commit 966fcd12a075dd05e3ac106fd5d342de9a44fa60
Author: Ken Bantoft <ken at xelerance.com>
Date:   Wed Dec 7 17:54:04 2005 -0500

    Use endian.h when compiling out-of-kernel

commit 8690e5c1c145620fc12fd7e21dad29463d31bf89
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Dec 7 12:55:01 2005 -0500

    patch to turn error about 17/500,0/0 vs 17/0 error with Cisco VPN3000
    into a warning.

commit 29055edd1bd84788bf8ff2e452f21c07c997756e
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Dec 6 14:02:54 2005 -0500

    Tag as 2.git.public so we know the correct branch

commit 68d8759adce0f89e9034060a2c841a063a0836a2
Merge: 248a246 612e49c
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Dec 6 14:02:15 2005 -0500

    Merge with ssh://vault/xelerance/MASTER/git-master/openswan.git#public

commit da906cf6d5e2ecdb8ecbb445e2058d268cbdc7c6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 6 13:58:49 2005 -0500

    revert _startklips to use ifconfig/netstat vs iproute2.

commit 9d5f7133dff2383048515471fbed28bc0f4ec44e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 6 13:51:42 2005 -0500

    revert to using adns with 2.5.0 for now due to 99% usage bug in lwdnsq

commit be4557e58fb46780ebd6e733582f63eba9fc34b5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 6 10:25:09 2005 -0500

    remove test for NAT-T VID vs NATD payload test. It fails for reasons
    that are unknown at this time, and this check is really being pedantic.
    (cherry picked from 612e49ce6fc453e2c6cd093309d382f8fec90a5c commit)

commit 612e49ce6fc453e2c6cd093309d382f8fec90a5c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Dec 6 10:25:09 2005 -0500

    remove test for NAT-T VID vs NATD payload test. It fails for reasons
    that are unknown at this time, and this check is really being pedantic.

commit a58c184af83ed8fd3a9e28a3dcb36bd16e2ac138
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Mon Dec 5 22:46:04 2005 -0500

    move list_certs -> x509.c, change BUF_LEN->ASN1_BUF_LEN

commit 248a2464ed5414c87c9328975c7f5deac9ce5aab
Merge: 9a937eb 8e3b86e
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Dec 5 21:49:47 2005 -0500

commit 9a937eb5b73726e54ae9d2c45787c727a6547e3f
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Dec 5 21:36:43 2005 -0500

    Pull in correct interface code from 2.4.5.  The ip addr stuff is broken

commit 482e312c2087caf94abe02e1969eea43509cfaeb
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Mon Dec 5 07:59:55 2005 -0500

    switch to OBJDIR if it is defined

commit f75bb33acb630017b79e11951f9671af50fd2171
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Mon Dec 5 07:59:17 2005 -0500

    add new files to Makefile

commit 6949eb131a95b36636e868df918a4c3bc2d2a984
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Mon Dec 5 07:58:33 2005 -0500

    finish refactoring secrets into libopenswan

commit 7832b8fd7d0b09d599ff9ef583cfc3208296ac2d
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Sat Dec 3 23:48:09 2005 -0500

    make sure to include things that we need in the headers

commit 7cc4031a333b741221c91dadc817764ffc14ae62
Merge: a1a3499 8e3b86e
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Sat Dec 3 22:55:26 2005 -0500

    Merge with /mara6/openswan/public.git#twokeys

commit a1a3499a63d6e914d983d0be89e6681060e17118
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Sat Dec 3 22:54:56 2005 -0500

    adjustments to psk test case so that it will consistently run

commit 52a0f9a4ca36766507f21d2568316ef696b6881e
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Sat Dec 3 22:54:34 2005 -0500

    test case for showhostkey

commit 200bec4bb1dde31afe582862742164cca931689b
Merge: 676ad60 8e3b86e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 3 22:50:51 2005 -0500

    Merge with /mara6/openswan/public.git#public

commit 8e3b86e7913f3289a8de864ec50372c57a246044
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 3 22:50:24 2005 -0500

    removed extraneous + from manual patch

commit 676ad60fa96b4ea9af150a5cd0a68158392263b1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 3 22:45:31 2005 -0500

    remove extraneous + from manual patch application

commit c6c0ef998829cedaec631befacb9dca569bb1869
Merge: 4110d8d 8e5935b
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Sat Dec 3 12:40:36 2005 -0500

    Merge with /mara6/openswan/public.git#twokeys

commit 8e5935bfbcd2d593f698ed884b0cfff7b2a7167b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 3 12:39:26 2005 -0500

    instead of the mess in rnd.c with various ifdef's to get the right name (or
    maybe not use a random device at all), split things up so that we make a list
    of devices we are going to try (and let that be OS dependent). If we don't want to
    use a device at all, then have the Makefile select rndarc4.c. At present, the
    makefile never wants to do that.
    While I am not happy about using /dev/urandom, it may be all that we have. We
    stir the result into a local random pool, so it's not all bad. Probably, we can
    do less work if we know we are using, say /dev/hw_random, but our demands
    for entropy are not that high.

commit 137cb5caa48f893e14d2fca0fe2f8462b8f89701
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Dec 3 12:33:06 2005 -0500

    removed redundant KLIPS_DEC_USE;

commit 4110d8dba3b9ecc37d40a05b9f488adf86be6da9
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Fri Dec 2 23:25:40 2005 -0500

    refactored programs/pluto/secrets.c into libopenswan such that it can now be tested

commit 96bc055d3ce319a1b04a6e5f64641b7edc0ea044
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 2 12:08:50 2005 -0500

    remove extraneous KLIPS_DEC_USE;

commit 45a9be5f0c27cf671527b3e46e39cb2d3b1115c1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 2 12:08:07 2005 -0500

    update current openswan tree

commit 1488027a2fc78930de7fe41ca861ccbcf2e539c8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 2 12:07:43 2005 -0500

    add notes about how big l2tp overhead is

commit caa63df097cc969d14342de1aa6fcb0f8706a6f4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Dec 2 11:15:58 2005 -0500

    tested l2tp with two machines behind a single NAT

commit e5c8940462ab616aea3a2c3822d0b72f1e542d56
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Dec 1 14:56:44 2005 -0500

    turn on nat-t debugging in pluto

commit edddf9dff20f8628f0c1ecae9183eff9058234e4
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Dec 1 14:27:02 2005 -0500

    Add new output

commit 2e783830932d71496e993641258b16dfde9955ca
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 30 20:48:10 2005 -0500

    proper fix for mtu calculation initialization

commit 7175e70de3d69f5c088f11b1d833ae33aa982c92
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 30 20:42:42 2005 -0500

    turn off fragicmp= given mtu calculation patch

commit 67a56dad6a1a1a66000f4b36d43a29f9131a5107
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 30 20:42:25 2005 -0500

    fix for initializing mtu calculation properly

commit 3472727b1dc07ef28bdd0f065f5c2d0d6df7f6d6
Merge: 9bea285 1696bdb
Author: Ken Bantoft <ken at xelerance.com>
Date:   Wed Nov 30 09:42:26 2005 -0500

    Merge with ssh://vault/xelerance/MASTER/git-master/openswan.git#public

commit 9bea285f6b230973d7c4bc8e79fe92d5c5e1dc0b
Author: Ken Bantoft <ken at xelerance.com>
Date:   Wed Nov 30 09:41:29 2005 -0500

    Typo

commit 1696bdb3b72fe00fda2158bdd318edd586101e8b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 29 17:56:33 2005 -0500

    redo ken's changes

commit 8e01f8fb49b09aedace0971c639e7bb29efe9605
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 29 17:31:26 2005 -0500

    sanitizer for putting processes in the background
    (cherry picked from 53f5c2d5383ee686358909ca643aff79e1602f4e commit)

commit 937955499be6c3d5628867cfe0886bfa1b5a2ea7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 29 17:49:27 2005 -0500

    merge with #public

commit d63338265051b5f08801562382929ebbffaa85d8
Merge: 1afb5c6 9aad0cb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 29 17:40:52 2005 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit 102b23756614769acfebcfecae4568906e3e8778
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 29 17:32:48 2005 -0500

    try to actually use the l2tp tunnel

commit 53f5c2d5383ee686358909ca643aff79e1602f4e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 29 17:31:26 2005 -0500

    sanitizer for putting processes in the background

commit 9aad0cb851b388ccc8badc456d562e4f50acea21
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 29 17:00:22 2005 -0500

    Fix for #518 - MTU sizes incorrectly set

commit 032ed5ea736260c8a2b24211f60dadc7ffb8b1cd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 29 16:40:21 2005 -0500

    attempt to actually use the l2tp tunnel (with fragicmp=no)

commit 5fb8e2d9c66cf4cccccb3f5dd263d0d5f4cccbbd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 29 16:34:37 2005 -0500

    adjusted test case to actually use the resulting tunnel.
    Use fragicmp=no for this test case

commit 0c6a7c0bb60868854b48a783b9e4aed6db3e3350
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 29 13:41:51 2005 -0500

    Variation of a fix for dpdaction=restart

commit b99d6b69cb191b996c93eebe8f9eb74e12781daf
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 29 08:08:14 2005 -0500

    Fix test so it does what it's supposed to

commit b9236f5bd78dc649f15b6418558c5cf4783b74db
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 29 07:46:45 2005 -0500

    Remove extra bracket

commit 4771ae38451f37f3578e977fb6a7bf1ffc470302
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 29 07:43:35 2005 -0500

    Add new sanitizer for local directory tree

commit eedf18f67c304733f92edf49566ab50c614362a6
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 29 07:39:25 2005 -0500

    Sanitize boot sequence

commit a5e01264bebd545ac79e7cb2ede53b6a4b22fee3
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 29 07:38:19 2005 -0500

    We don't stop ipsec at the end of this test

commit 66e77edab36016f101cc7a0cdc3a81973dfb9be0
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 29 00:26:38 2005 -0500

    Working version of the test

commit 40027908cfe80e4295066f2b16a0920fe1802dc0
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 29 00:22:56 2005 -0500

    Fix test name

commit 791fff668a1033fa7bbc883301c0922fbc6b6dad
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 29 00:20:23 2005 -0500

    Add pluto log sanitizer

commit a76e40c6f91b502a358216aa793f80bcba8317ca
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 29 00:15:52 2005 -0500

    Working version of the test

commit 404a99113de62b0f57168d4fd40133bc8bcb7e58
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Nov 28 23:52:33 2005 -0500

    Add new test for multiple aliases

commit edf32ac7159bcd1e966c97b31d2cf9cdbc788785
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Nov 28 21:40:30 2005 -0500

    Update with iproute2 output

commit 4d7ed6c726df9557b1a0a22980e63a5c27a48903
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Nov 28 21:39:06 2005 -0500

    No more tcpdump 3.8 sanitizing

commit ed11a0299f0f529139a324866f0ef68c97ab9676
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Nov 28 21:35:50 2005 -0500

    Sanitize tcpdump output

commit 5c6220fb08d71aa23658b10c515ba9c12d4693e4
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Nov 28 21:34:59 2005 -0500

    Adjust new pfkeyv2 output to match longer length

commit 7801208da13cd8f09b37f9e9766b495199d375e0
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Nov 28 21:32:22 2005 -0500

    Back to the old error status 1, since _updown is now fixed

commit f66b0a56eaa5c50e1104c8fcd6a3902eda472ad6
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Nov 28 21:31:12 2005 -0500

    No OE here

commit ba6ceea02978ff73de1cbe7bbd4fb0c800653a8f
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Nov 28 15:14:41 2005 -0500

    Include the OE route

commit baf77763bd7c877bf096701861544ba47014d4f1
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Nov 28 15:02:42 2005 -0500

    Update with newer pfkeyv2 message lengths

commit 3d0b5ee7c4d70bbc5b71262de7a4e125b1a0ac24
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Nov 28 15:01:21 2005 -0500

    Update with newer pfkeyv2 message lengths

commit 602b7895f4bb9e9d2775d7173f2d8510a9cdf523
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Nov 28 14:57:24 2005 -0500

    Update with sanitized tcpdump output

commit cf02338b744c9ee533dd891ed09970aedc8a7691
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Nov 28 14:56:36 2005 -0500

    We no longer use the kernel's zlib, and don't include aes test code files in
    our patch

commit ad02d46ae3dea7758d7b6a1b9a2bbe821c69ba03
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Nov 28 14:54:18 2005 -0500

    Add complete test output

commit 7d023d68c131f95ab4d92441e76b332d2d012c04
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Nov 28 14:47:23 2005 -0500

    Update with newer tcpdump output (supports ESPinUDP decode)

commit 1afb5c6678c465b9e03720fe02a821466853f571
Merge: 35a7fb6 7611602
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 28 11:48:45 2005 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit 7611602905b0073df24d79d71b5e8882882b6cd1
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Nov 28 11:44:34 2005 -0500

    Adjust for sanitized tcpdump output

commit 38f362aef5b614e4fc05532c96cbc735831f4a3d
Merge: 49c4a8e 642922d
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Nov 28 11:40:18 2005 -0500

    Merge with ssh://vault/xelerance/MASTER/git-master/openswan.git#public
    
    Unsure

commit 49c4a8e3dfe8b9c5607f2cc1e12a677528eb3fb8
Author: Ken Bantoft <ken at xelerance.com>
Date:   Mon Nov 28 10:57:05 2005 -0500

    2.4.0 is long released

commit 652192bfd19d2bd078b7f1eacaa24d48ba9b2c20
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 28 03:03:52 2005 -0500

    this test case attempts to run two l2tp clients behind the same NAT

commit 67356f64858d728cd147b6e86ccfa936cdbdf1f7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 28 02:45:18 2005 -0500

    adjust test case to turn on nat_traversal, and verify that NAT
    was in fact detected

commit 9f10c72cd3a9f293b3f6c5e8d93bf57c14632ef4
Merge: d7f3c71 35a7fb6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 28 02:22:48 2005 -0500

    Merge with /mara6/openswan/public.git#public

commit 35a7fb6342f1edd52e19caee0a710ace6fdca2c4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 28 02:22:24 2005 -0500

    adjusted to not attempt to use port 2/3 until after east has been
    initialized (-03)

commit f5aace95db03279e00dc929047cca907c36173e8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 28 02:18:30 2005 -0500

    adjusted to not attempt to use port 2/3 until after east has been initialized

commit d7f3c71a94a03db4a9ddcbafa587b55287cc9e3c
Merge: e7326a4 642922d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 28 02:13:11 2005 -0500

    Merge with /mara6/openswan/public.git#public

commit 642922d6aa09aff6e2a534ad3704e1686a4984c7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 28 02:06:17 2005 -0500

    further work on transport mode test case

commit e7326a41850eec15708b76ad917898cd6f67cdc3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 28 00:49:37 2005 -0500

    test case with two l2tp clients behind a NAT: demonstrates issue with L2TP
    and NAT-T.

commit 5659dc92ead9b6fd5babdecd3070f2cd9efea20e
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 28 00:19:38 2005 -0500

    when examining virtual IP connection definitions, provide a bit smarter
    logging as to what is going on, and with debugging, why each match test
    has failed

commit 0af050f893f96e735e9f6ee8088e7167e289a052
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 28 00:18:44 2005 -0500

    l2tp over IPsec tests -- now with 1 client behind NAT

commit ccd26cb6b9160f6345fe0d040d4dbfd86f572286
Merge: f4600a6 a1a7212
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 27 22:49:59 2005 -0500

    Merge with /mara6/openswan/public.git#public

commit 266a5a5a22c62d639750148e3975d8d9b6234464
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 27 22:49:36 2005 -0500

    make sure that iptables listing does not need DNS

commit 332e315022417d4440292f56ada445b501d73fe4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 27 22:47:06 2005 -0500

    test case now runs properly under test harness and passes

commit 592f35440fc19e732a0db5959029a356ae2a26d5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 27 21:35:43 2005 -0500

    test case for basic (no-NAT) L2TP over IPsec.

commit f84c7e51fd4750d03fcb2c83936619d542cb6f88
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 27 21:35:18 2005 -0500

    make sure to turn on PPP options

commit 5e202edc5285b8d8f5261ec104d364b4726fc54a
Merge: a1a7212 f4600a6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 27 18:32:44 2005 -0500

    Merge with _updown_transport

commit a1a7212b45b94a66975b2a648d7f9e785515648c
Merge: e50156d d4ef616
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 27 18:06:33 2005 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#v2_4

commit e50156db76bc6d3a4c5378d0dfd675e116534b15
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 27 15:33:30 2005 -0500

    better script to update openswan copy of kernel code

commit d4ef6168691fd742e96a7c6f55e3401741169ef6
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Sun Nov 27 15:29:34 2005 -0500

    openswan 2.4.5dr2

commit 4d87ea81512020c23f75750771d7e4cf9cbe5439
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 27 15:13:12 2005 -0500

    script to pull klips code from a kernel tree

commit 37d55c5e68c154aea2cd2eba4b6a961930f6a577
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 27 15:10:47 2005 -0500

    changes to nightly testing to use git

commit b5e7e82345ed32f2a8a74e6a83cc74cb625cba10
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 27 15:04:12 2005 -0500

    UML booting process description

commit e824b8903c4739d9f9cf97a7ae2fa03ee7f93757
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 27 15:02:48 2005 -0500

    removed unnecessary files

commit 6baa36eefaacaeff38983d6ffb50b8996c1885cb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 27 14:58:45 2005 -0500

    removed umltesting -- now in docs/HACKING

commit 0a34cf7ad2c93aa6b6b89b9bfc35ba26d0302eeb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 27 14:37:38 2005 -0500

    test case for basic l2tpd + IPsec

commit 388d7ba9c9faa6b8fc812e5a48435f4e769637f9
Merge: 56682ca 493014f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 27 14:31:30 2005 -0500

    Merge with git+ssh://vault.xelerance.com/xelerance/MASTER/git-master/openswan.git/.git#public

commit 56682ca28315a13636b624c71edf8f3a10cb8b18
Merge: f58cb45 210a792
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 27 14:26:15 2005 -0500

    Merge with /mara6/openswan/public.git#public

commit f58cb4561d343b40caa7193d880cfde5e5678bd8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 27 14:25:33 2005 -0500

    adjust tcpdump to use proper flags

commit 493014fc30fdb43adecf3a5d266583936a523943
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 22:47:11 2005 -0500

    -P isn't a real option, but -c is

commit 50edf8606e870e98f6b3153f7a45b1556893983c
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 22:37:36 2005 -0500

    Remove bad .cvsignore.* files

commit 105178dd1ae4a3364b16e450f6fefcdbb41a5fea
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 22:34:20 2005 -0500

    No tcpdump 3.8 output

commit 35ff12913e767ef5fe5f2e8cd6c390bddb9c1107
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 22:29:10 2005 -0500

    Remove bad cvs files

commit 707e4a4bb1e127f805bff21c37066f1bbc4098a7
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 18:16:18 2005 -0500

    iproute2 output

commit bb85870e21d47acd139e5620b8cfe23f1467b0d2
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 18:15:57 2005 -0500

    iproute2 output

commit 3c7b0d765ce18ac5c765607a67d424aab010d425
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 18:15:33 2005 -0500

    iproute2 output

commit 6829dc5354b59edb1bf2bc547bdae39bd7d96de6
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 18:14:55 2005 -0500

    Add shutdown sequence to output

commit 528d5ab3c5a1cad51356292661a2fd31b629ea24
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 18:13:01 2005 -0500

    Update for new kernel boot sequence (cramfs, kernel 2.6.13)

commit 49057ebea3b94643f04ac7a04750fbab49508fcd
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 18:11:50 2005 -0500

    Sanitize last prompt

commit f9f80c5e6bfb8098e2be924530f7dad0640fedfb
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 18:10:49 2005 -0500

    Add messages for additional ciphers

commit aec33f40c3f3de7143745262786d9a6130455470
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 18:09:20 2005 -0500

    Sanitize last prompt output

commit 9fc9a63b6ce93c508ff402c5522620d648f99d68
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 18:08:36 2005 -0500

    Use spi1-console26.txt as REF26_CONSOLE_OUTPUT

commit a830114e818a1f27341eccddd9b4b6fb062fb17f
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 18:07:03 2005 -0500

    Sanitize last command prompt

commit 245503062fa1001b5e5c6c8125ca0c5cc0bf0305
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 18:04:37 2005 -0500

    Adjust for output of all ciphers/hashes - we now build with EXTRA_CRYPTO

commit 833947af755d10333a3b2fe49ada41fffa9a6f43
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 18:03:42 2005 -0500

    We now remove *all* the man pages

commit 0f2f6c870d4536328f326b36643083757eeb017d
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 18:02:19 2005 -0500

    Update with newer kernel boot messages

commit b7f340a060f7b53e0e598f048e22d472e6b31e5c
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 18:00:26 2005 -0500

    Update with new error messages

commit f4600a62216d88748733e38aedc6ad6b4670f3ec
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 26 12:37:28 2005 -0500

    set Makefile mode

commit a0ec27bd9247e8ff9dac9a27919373ed489f7c94
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 26 12:36:51 2005 -0500

    when searching for NAT-D payloads to match, look through all of them,
    because not every system sends them in the right order

commit f1e3a0b569e8d8c4b22d8e071f2c25ea936d7c84
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 26 12:35:17 2005 -0500

    include local makefile settings (optionally)

commit 18ef202687fb64564b2b434b6f11026328ab5877
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 26 12:34:41 2005 -0500

    nexthop is not needed on ppp interfaces. unset it to make cases
    work, where left is set but no leftnexthop (e.g. left=%dynamic)

commit 255937374e9dd07650b704eb09fd21a7277f57b4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 26 12:24:36 2005 -0500

    # Fix for Bug #66215 to solve SNAT/MASQUERADE problems with recent
    # 2.6.x kernels.
    # Instead of a /32 it seems better to use the netmask of the remote
    # (peer) network for the sourceip as suggested by Patrick McHardy.

commit 6370f156b0ef27ffcbc15b784c47644e19089309
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 08:54:54 2005 -0500

    iproute2

commit eae13a502279651457ed3486ebe14042012e538e
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 08:49:56 2005 -0500

    iproute2

commit c76adb84dfbf17ee5d6e2a01a19a94b2b14aa771
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 08:49:20 2005 -0500

    iproute2

commit f495edffc6a62a7547a98df141aefbb0cebfbf54
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 08:48:51 2005 -0500

    Use post-tcpdump 3.8 output

commit 5b98bffb910e82e8679b1ad2fcdf7004797f0dfd
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 08:48:10 2005 -0500

    Executable

commit 8948cd6449f29e1ab50976e1c8592fd481f6af1a
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 08:47:05 2005 -0500

    Fix for iproute2

commit 7c2f4f2c5ff96c69fdacb3ec70732a2ff5d6ea13
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 08:45:54 2005 -0500

    Fix for iproute2

commit a33bd30797992f900470acac13169c6a7cb2b2b3
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 08:44:47 2005 -0500

    Fix for iproute2

commit 6097e1e4b212348cefc1b5c84072604c62140cf0
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 08:44:23 2005 -0500

    Fix for iproute2, and disable THREEEIGHT

commit 6630811175f5bf89e0af27570466c8da88b518d9
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 08:42:51 2005 -0500

    Fix tests to use iproute2 output

commit 43bd39d71a1eddb11af40ab7450593cb576901e4
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 08:39:44 2005 -0500

    iproute2 output

commit 54674043e721daeb6e28e317b15bb23c971b0a6e
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 08:39:21 2005 -0500

    iproute2 output

commit 38db1ef951eb4727936b331e0de6e5e1bb694779
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 08:38:46 2005 -0500

    iproute2 output

commit 7239fa1a5ae3c2d91bb08728446cc91962a92a73
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 08:36:57 2005 -0500

    Executable

commit f07809d3c8c6abaa9c0618a26b4d49b479a44309
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 08:35:59 2005 -0500

    Executable

commit 9d985891fc85115fdbe1920ca9346bcbb8820482
Author: Ken Bantoft <ken at xelerance.com>
Date:   Sat Nov 26 08:35:27 2005 -0500

    Executable

commit dd7520247b3dd43f84e70d853f9ea2b93fb31580
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 26 08:17:56 2005 -0500

    transport mode test works

commit c8caaefadf6937be54e9249db2aa9631a5fcf6b9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 26 08:16:30 2005 -0500

    augment ipsec look sanitizer to deal with port-selectors

commit b6b40738fed34817e45bda25fa35e489664c3e53
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Nov 25 15:20:54 2005 -0500

    restore version 1.17 from CVS

commit ba1265ebacd6666f77eddbce2a92457ebdd82463
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Nov 25 14:11:38 2005 -0500

    set TTL properly for all kernels

commit e3cb993c9d518eafe846b793ea6643d708f58936
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 25 13:03:16 2005 -0500

    Spaces should be tabs

commit 3595947b7f4fadbe389a8808860f3bbdca057a02
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Nov 25 12:59:10 2005 -0500

    rename west files to north

commit 00a1283524932111128f41667c68b1e39a9a89cf
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Nov 25 12:53:11 2005 -0500

    configuration files for communicating between east/west

commit 753a75ca5c8b31fa1e92c390368a06ed9ed2ef70
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 25 12:50:36 2005 -0500

    Yes, we want CRAMFS

commit a462fa0028cce7759f63be4697bb6f4ccc625e1f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Nov 25 12:49:11 2005 -0500

    clarify that CRAMFS=y

commit 7f9b66db36184029b08bdccb0c9770a1fdf63575
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 25 12:43:29 2005 -0500

    make check fix

commit a1739c179b4a8757ab357f56722e6a72e6e1030f
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 25 12:00:53 2005 -0500

    Add setkey-based eroute script

commit 06ecc0a5752aea17997595bc9c831c3348267c7c
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 25 11:07:09 2005 -0500

    iproute2 output

commit 522a77ab5b3b35cf2eb0c9ebe1a117c999a01819
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 25 11:05:07 2005 -0500

    Adjust output to show all cipher - we use EXTRA_CRYPTO now

commit ee8e2edb70f99dad891adf636cefef640e746628
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 25 11:04:05 2005 -0500

    iproute2 output

commit 952eaf7de6d7bcc16ae72de25d92dba972115997
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 25 11:02:17 2005 -0500

    iproute2 output

commit 7dbd49b51c0b6a759a2dd803e0c84c5e9346f739
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 25 10:59:51 2005 -0500

    Fix output to match new ipsec interface test from snapgear

commit f742de9326d40a5f47efa08f9ade20c433c00b9c
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 25 09:47:22 2005 -0500

    Pull in barf updates from 2.4 branch

commit 4dece41cd95a5d9509251eff5e6f8e36fc49ad4a
Author: Ken Bantoft <ken at xelerance.com>
Date:   Fri Nov 25 09:42:45 2005 -0500

    New Checks from 2.4.x branch

commit 31c9d0e231d1f2c9de094cdfbc2be85b69e70b5a
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 24 18:35:05 2005 -0500

    Add proc/*/redirects

commit a3bba113bdb08b4fd50f33791f0350013669d534
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 24 18:32:23 2005 -0500

    Pull in from 2.4.x branch some barf additions

commit 3707e7062b3fca40d309a48e9ea177230b39eaf6
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 24 18:18:42 2005 -0500

    Enable HW Random by default

commit 2c27b473a3be1be1bf29b309044d232fbdee08a1
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 24 18:18:05 2005 -0500

    /dev/hwrandom -> /dev/hw_random

commit 15d0120871ae79ef941fa61d003ed6b04cffde8b
Author: Ken Bantoft <ken at xelerance.com>
Date:   Thu Nov 24 18:16:57 2005 -0500

    Add a few more modules to look for in config.gz

commit 6cab19687e77b39d99cbade5deecc13337c22378
Author: ken <ken at cyclops.toronto.xelerance.com>
Date:   Thu Nov 24 18:12:33 2005 -0500

    Add Padlock RNG/AES support, if modules present

commit 519687090c5f7102c34c3afd172051ebdb9c2b57
Author: Ken Bantoft <ken at xelerance.com>
Date:   Tue Nov 22 22:45:38 2005 -0500

    Patch from David @ Snapgear to use ipsec_tncfg to gather the list of
    ipsec interfaces to kill

commit ccd1709d6e64d6d6a8aad36935b3c080f90dd5d7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 22 21:52:03 2005 -0500

    turn on options appropriate for cablelabs

commit 4404c644c923951f5886c788e18072cb95748fa7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 22 21:47:58 2005 -0500

    Set revision to 2.5.0cl6

commit f93465bbf266a189ccf11b88611ccd32c3cd4bb6
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 22 21:39:49 2005 -0500

    optionally include Makefile.inc.local

commit 210a792e047476a8b43a0117e4b5b2ed100b7412
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Mon Nov 21 23:31:08 2005 -0500

    added facility to avoid building any kernels, and documented it in docs/HACKING.
    Got rid of umltesting.html, stick to a text (emacs-wiki) file.

commit d4fb01c1c5475ce40705b47ec54cb408e34703ff
Merge: 4dfeb46 62ed097
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 21 22:41:50 2005 -0500

    Merge with /mara6/openswan/public.git#public

commit 4dfeb4624fd1014353c72186f6f7e9854405e23a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 21 22:39:41 2005 -0500

    more adjustments for set-u functions

commit 1e35cd694d74666abcd765323939d487180e95eb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 21 22:39:17 2005 -0500

    test case for having both raw RSA keys and X.509 keys in ipsec.secrets

commit 82d08bef8b6ab6862bfe49d0f50f10ec7dc0bfd5
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Mon Nov 21 21:59:18 2005 -0500

    add indication if there is a private key.

commit a1f04bcb3fea0c4e430906b91fa3308265948f30
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Mon Nov 21 21:58:56 2005 -0500

    removed extraneous ls -l.

commit 1e1616cde4a452302deee4f69b694022d7641f20
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 21 21:38:24 2005 -0500

    run process_host for 1host tests to setup all variables

commit 62ed097bbf11943de77e963477c241018e278c36
Merge: f72c181 96beba2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 21 21:33:34 2005 -0500

    Merge with master

commit 98fd2eeac38a8959bd47623df94e7c6cec0fea1e
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Mon Nov 21 21:19:48 2005 -0500

    indicate if a public key has a private key associated with it

commit 6837e232e86864d759579fa6f57fafffc1da3992
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Mon Nov 21 20:55:36 2005 -0500

    removed extraneous file

commit 9537346c50d8c2bcac68d3dd4dbe4e3832989928
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 21 20:36:15 2005 -0500

    release 2.4.4

commit f72c1814caca2fa99b1529a9366e8038024ca65a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 21 20:05:51 2005 -0500

    various commits that have gone git->cvs->git too many times

commit c2e6bfacebd720eab48d2b2a1ba55ba1299d5323
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 21 20:02:10 2005 -0500

    test updates from Ken

commit 74acd9c89f9b61150c3b6ec9e183c9bc3834e593
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 21 20:01:31 2005 -0500

    updated to include trailing .git

commit 6f640496eded97388d1e373fc60a97bb25d754f3
Author: ken <ken at cyclops.toronto.xelerance.com>
Date:   Mon Nov 21 16:29:44 2005 -0500

    Note this is the GIT tree

commit 96beba29ebe961988a3b75c4f9d9181fd5420cfc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 21 11:47:35 2005 -0500

    turn off taproom and make note about swig requirement

commit 0931969be970fedd41f82af4a4e136ce8b539e79
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 21 10:47:12 2005 -0500

    l2tp linux to linux test case

commit 924fd0fd586ebbc730ec1711dd773324ee3cdf1d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 21 04:42:59 2005 -0500

    remove errant console output, and adjust test case to new ipsec look

commit 6c72fd29039c0bb54a9c0302289b4315c1a160be
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 21 04:37:22 2005 -0500

    if UML_extra_DIRS is set, then go install to UMLs from them as well

commit 0795e289f524247a9425901e5777e335c3af6ad3
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 21 03:25:20 2005 -0500

    adjust uml process to initrd with a cramfs

commit fcc2e1692dd5cf1c6bc2ffc4e282ab1b2ca0ec6d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 20 12:05:20 2005 -0500

    look for a per-host kernel to use, and reference the kernel by reference
    rather than hard linking it

commit 551e596c88100c2b45fd513ecd5f21931fc98ad0
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 19 12:31:55 2005 -0500

    changes to permit building without KLIPS_ALG

commit 519947dd94d01df5c9c9fbf0dae9470678dc5625
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 19 12:30:49 2005 -0500

    change how default ttl is calculated to be simpler

commit 62f25fefe1274a3ac60d619dab09ae82119b8154
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 19 12:30:27 2005 -0500

    deal with changes in 2.6.14 with sk->ports

commit 764f832b650ac68e51336b9e8bbf3ca58847e047
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 19 12:26:08 2005 -0500

    change strstr to static if we need it.

commit 8b68ec7d17285ccc6ccebf66c077a399e8c79722
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 19 12:25:36 2005 -0500

    update notes on using git

commit dfbbf562703dc93877fa8d379051e2d71eadd866
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sat Nov 19 12:21:49 2005 -0500

    compiler warnings about #defines used when not defined.

commit 1671cddd6d78c1d480a72966251bb64d7c264509
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 16 20:14:46 2005 -0500

    	turn off modules for static kernel

commit bc38a0d83cdf3fd0da4086b7c6dc638e0f2f1874
Merge: 044097e 03ba7c7
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Wed Nov 16 20:14:13 2005 -0500

    Merge branch 'public'

commit 044097e2dc7b4b944e25d61b3ae328b3954f06aa
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 7 22:35:32 2005 -0800

    	added ignore files
    (cherry picked from 2d39519c9690e46fe97f1305520e981e1b535493 commit)
    (cherry picked from 1af7e3ca97a32bd906d86a49f0a5269dbb1858aa commit)

commit 03ba7c7fc5b0e6890318e8ac2df297d6ea6553c2
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 7 22:35:32 2005 -0800

    	more ignore files
    (cherry picked from c9f0f1970fccdd3110c42b68d3b660866121f24c commit)

commit 1af7e3ca97a32bd906d86a49f0a5269dbb1858aa
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 7 22:35:32 2005 -0800

    	added ignore files
    (cherry picked from 2d39519c9690e46fe97f1305520e981e1b535493 commit)

commit 2048786ffb8a9f113a7c1d986039c66146c3f644
Merge: 932a91d 8a6bd0c
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Wed Nov 16 15:06:07 2005 -0500

    Merge branch 'whackoptions'

commit 932a91d22b02980d557bde3207ffd0b3fb25b3dc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 16 15:06:05 2005 -0500

    	trial fix for oulu c09 isakmp test case
    	info-sa-notification-message-type-and-data  Ee-notify-msg-type, ee-string  306  4313  4618

commit 5d619e6c9805a0d600cab7c07aa3f3915f7d4bae
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 16 15:03:47 2005 -0500

commit f3552dfb7c0627534880692ef14a489cf6a7391b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 14 12:52:21 2005 -0700

    comment about 0 NAT-D has gone away

commit 6dd1eb96dd2a1d983596d5be883a1731d3f93991
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 14 11:48:22 2005 -0700

    remove debugging and add callback to aggressive mode.

commit 1a914d74c03db3c1116d4d5752903ab2bfc56834
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 14 11:35:56 2005 -0700

    It was not possible to invoke TCL callbacks from an initial (I1)
    message.  Doing this is harder because the messages are not encrypted,
    and the new size has to be calculated by the callback.

commit edcda908aa1b05b80dd8fc0360deff0832989107
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 14 11:29:07 2005 -0700

    remove extraneous template TCL callbacks --- now provided by pluto

commit ee7da207b0e9a1c4edd6922ab82314585240c38d
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 14 11:22:57 2005 -0700

    	adjustments to script to insert vendor ID properly into the first
    	payload, adjusting the length of the ISAKMP header.

commit 943f9ce351536225f2ffad746a0d5599ca0b604f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 13 21:13:57 2005 -0700

    	adjust +x on scripts

commit 02f172472777e35def927f8d4351c55bdd1b9a40
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 13 21:12:11 2005 -0700

    	test case with TPM massaging the first packet molested.

commit 329c8da2f792f04fb956086b664f2639017dfe21
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 13 15:38:20 2005 -0700

    	more work to make variables that may be empty work with set -u

commit a52b4be629eace1914068a2dbcc072ccc6bd0258
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 13 15:34:25 2005 -0700

    	distinguish between missing ike= and one that specifies
    	unsupported algorithms

commit 79cb5fb006f9beb7a03fe3b84f60cd999e88ae64
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 13 15:19:41 2005 -0700

    duplicated basic east-west test case

commit 8a6bd0c33ddeb5fc04a16f6e1168fe0015304fbd
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 13 15:00:30 2005 -0700

    	added per-X hosts

commit 7e2442bf933c050ee65da4ac8e5e368e25d42a5b
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 13 14:59:20 2005 -0700

    	unnecessary duplicated files in GIT

commit 36cbd8d8a187168da57188185010dd685ca4bbf9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 13 14:57:58 2005 -0700

    	remove stock callbacks, as they are now provided by pluto

commit 34def9a40e78fa19c746b956d087b892df52db10
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 13 14:56:26 2005 -0700

    	more adjustments to make tests run with "set -u"
    	kernel adjustments so that umlplain will work with 2.6.13 (udev issue)

commit 8fd544ea462f40be43b2e09777b61cfa7042b73c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 13 14:55:10 2005 -0700

commit 5b90a2309b70ac097910984e15951fbbf9b51ef1
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 13 14:55:01 2005 -0700

commit 5ad6ac0cb7582d33c2ade8f8908f30ada55dff83
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 13 14:41:36 2005 -0700

    	add code to set defaults for TPM callbacks so that
    	they do not have to be repeated each time

commit e90f1705cdece77dd564016b7df548f644e1767f
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 13 14:40:42 2005 -0700

    	if phase 2 proposal is empty, it's okay for now (use default),
    	since we do not know how to merge the proposals at this time

commit 66f33c2527caa70ca984f1ee93d10ac51c954c1c
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 13 14:39:59 2005 -0700

    	adjust test case to make sense when WEAKSTUFF is off

commit 95c5c158c1c97a2c9010c623722e4658401e99d7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 13 13:35:40 2005 -0700

    	make sure that a failure to find an ike= causes the connection
    	to fail to load, and ALSO causes it to fail to be negotiated.

commit 56ab31b8239f197f99be0b7861cf93dfe4b76cd9
Author: Michael Richardson <mcr at xelerance.com>
Date:   Sun Nov 13 13:19:31 2005 -0700

    	removed ike_alg_db_new (dead code), make sure that debugging from
    	oakley_db_new() is accurate as to which function it is.

commit 42fcbc2871913192bf1d3bf9717a03d7bf2c8a9a
Author: Michael Richardson <mcr at xelerance.com>
Date:   Fri Nov 11 07:58:47 2005 -0800

    	adjustments to vendor ID processor to make aggressive mode
    	work with DPD and NAT enabled. May still fail to negotiate
    	NAT properly.

commit 675b9c8eca2105ca1130dc958a0d3c4d358e1dfb
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 10 23:29:47 2005 -0800

    	case data buffer for atodata() to char* for now.

commit b7aaeb378b8b9019768f46e514ade5ca93c46307
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 10 23:16:40 2005 -0800

    	make sure the encryption key is unsigned

commit a10a8563364def0bd34772f033b5119cb7bdcfb5
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Thu Nov 10 23:02:25 2005 -0800

    	adjust strstr to not conflict with ipsec/string.h, as
    	ARCH_STRSTR is not reliably defined

commit 49ca70307c77189fc66200c9c3aea31a86e6e1d8
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 9 21:01:40 2005 -0800

    	adjustments in GIT tree to make test cases function,
    	obsolete ARPREPLY option (replace with EAST_, WEST_ARPREPLY)

commit 2884651078ff9ba7dfbb1242ddc3b28b99bc1829
Merge: e06fe11 1ac9f4b
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Wed Nov 9 19:13:26 2005 -0800

    Merge branch 'public'

commit e06fe11fc052be6fb9243523417b5810cd437237
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 9 19:13:22 2005 -0800

    	added all of libraries to TAGS target

commit 1ac9f4b1073fd3c19d02e908cdd4dad6c3fe08df
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Wed Nov 9 18:01:02 2005 -0800

    	Git instructions

commit 0270f04fafaae3da94a617a1a548373207f29d08
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Tue Nov 8 16:56:15 2005 -0800

    	added SOP for using GIT and CVS

commit f927d71285b898369a111c331bc4d97eecdb293f
Merge: 3b28696 b59cf28
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Tue Nov 8 16:22:29 2005 -0800

    Merge branch 'nightly'

commit b59cf28b833d4fc4a7a1e14a260348e98bfaff5b
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Tue Nov 8 16:15:46 2005 -0800

    	look command now inserts header, and sanitizer uses it

commit 3b2869627effaccdd48726b66927c7fceb22f622
Author: Michael Richardson <mcr at marajade.sandelman.ca>
Date:   Tue Nov 8 14:50:08 2005 -0800

    	added 2.6.12 and 2.6.13 options.

commit 426c11c73a2fed4ba0482cfb18729e5136cd9fcc
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 8 14:36:30 2005 -0800

    	added files to TAGS list

commit e205c74c7e6da8fdbfd0f6be3c3fd706ec809d72
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 8 14:27:15 2005 -0800

    	adjustments to testing infrastructure to make it run
    	with set -u in script

commit 05e57a4ab0b838326ef0340605422b2e4ab62666
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 8 14:15:30 2005 -0800

    	adjust key parameter to be unsigned to better match reality

commit 2454e99bcea445494db79749a885509affd7ebc4
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 8 11:41:49 2005 -0800

    	added missing {

commit 0ff116793c61455b3507bb15f21f3312573f7d25
Author: Michael Richardson <mcr at xelerance.com>
Date:   Tue Nov 8 11:27:00 2005 -0800

    	rename initiate_opportunistic to initiate_ondemand

commit ceb935c16e2e39d7e3042b67e23e4dc0fc7cb077
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 7 22:36:28 2005 -0800

    	introduce big logical sets including test case

commit ff515a7e48e4433c1a7c7b5cad1391a0dbe3db27
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 7 22:35:32 2005 -0800

    	fix typo in search path for test case source

commit 55cf023b0c94ee8375ee2a9f630e826807f3b0c7
Author: Michael Richardson <mcr at xelerance.com>
Date:   Mon Nov 7 22:32:42 2005 -0800

    	remove files that do not belong

commit 5ac95d7bdffe885e1114a3eba2d2616e296bf254
Author: Michael Richardson <mcr at xelerance.com>
Date:   Thu Nov 3 22:37:45 2005 -0500

    	make routines that return booleans as such.

commit 92fd5f007862cb0a114422add833d7ba33f8f0b5
Author: Michael Richardson <mcr at xelerance.com>
Date:   Wed Nov 2 17:28:16 2005 -0500

    	added chmod and +x to many flags.
    	updates plain UML configuration for 2.6.13 things

commit b9799f161587370a8afba6a827c30307c2f9020a
Author: mcr <mcr at marajade.sandelman.ca>
Date:   Wed Nov 2 15:28:03 2005 -0500

    	pruned out deleted files from tree

commit 7836dfce24a7d46a5a6a153dad47e2aabf6362d6
Author: Michael Richardson <mcr at herring.sandelman.ca>
Date:   Wed Nov 2 14:01:00 2005 -0500

    	openswan HEAD as of 20051102

commit 9884278826e09e5dd78fcbc3d5c38310e12527ce
Author: Michael Richardson <mcr at herring.sandelman.ca>
Date:   Wed Nov 2 13:31:36 2005 -0500

    	openswan 2.4.0 release

commit 9b5be049ddc8387495cef8b91158aaa114f17cd7
Author: Michael Richardson <mcr at herring.sandelman.ca>
Date:   Wed Nov 2 13:10:32 2005 -0500

commit a87bf151b7b6566a3d4560584c8e6b2884123780
Author: Michael Richardson <mcr at herring.sandelman.ca>
Date:   Wed Nov 2 12:48:48 2005 -0500

    	openswan 2.2.0 release

commit 241fba64a3c8c993db820343b76063d51475d843
Author: Michael Richardson <mcr at herring.sandelman.ca>
Date:   Wed Nov 2 12:31:00 2005 -0500

    	files added in openswan 2.1.4

commit 0ce6b23af8d3dcc45499a456bc1ee876766cba56
Author: Michael Richardson <mcr at herring.sandelman.ca>
Date:   Wed Nov 2 12:29:42 2005 -0500

    	openswan 2.1.4 release

commit 6a3b72d55d831a275934773b40228809d9101eb2
Author: Michael Richardson <mcr at herring.sandelman.ca>
Date:   Wed Nov 2 12:27:49 2005 -0500

    	openswan 2.0.0 version

commit 682721bb4dcfbbc1b1f9c1f72e82dbf87b5fae32
Author: Michael Richardson <mcr at herring.sandelman.ca>
Date:   Thu Oct 13 02:59:20 2005 -0400

    Initial commit



