[Swan-commit] Changes to ref refs/heads/more_modecfg
Paul Wouters
paul at vault.libreswan.fi
Fri Dec 6 04:01:29 EET 2013
New commits:
commit 3cbc938f57e4e21a6137952c49983d30f04bc5ac
Merge: 3a4e109 34f59bd
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Dec 5 21:01:22 2013 -0500
Merge branch 'master' into more_modecfg
commit 34f59bd644589ed387b1a5fa71a782fcca1af61c
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Dec 5 20:55:51 2013 -0500
testing: Added testparams.sh for all strongswan test cases
commit 146649242b96f1410975c755bfa5e7ac3bdcadbf
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Dec 5 20:55:18 2013 -0500
testing: update to ikev2-delete-01 - but not fully functional yet
commit c577b07f2cc921bf94dd51e485240412d1195e92
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Dec 5 20:49:43 2013 -0500
testing: updated basic-pluto-06 (serpent esp) testcase.
commit 03d107ec26109ab66e1484eac834ec5dfcd4bbaa
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Dec 5 20:48:09 2013 -0500
netlink: Debugging line about xfrm_algo type was using loglog()
Resulting it showing on the whack prompt.
commit 491e234410e4a4db5155afc1a2b79b46390375c4
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Dec 5 20:29:24 2013 -0500
testing: fix sanitizer to not cut ipsec/parent SA algo/ciphers
We used to cut out half the line, losing the encr/alg/keysize logging.
This will cause some testcase output differences that will need to get fixed.
commit de20306c1db5834b459792bc00d64c9315aec7ab
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Dec 5 20:28:36 2013 -0500
alg_info: Don't add GCM salt in parser_alg_info_add()
Also removed some goto statements
commit 524ce40b3370be98f2b4f9f01b7f83f925891596
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Dec 5 20:25:19 2013 -0500
IKE: Remove GCM salt in kernel_alg_db_add(), add to IKEv1 compute_proto_keymat()
Renamed kernel_alg_esp_enc_keylen to kernel_alg_esp_enc_max_keylen,
which matches what the function actually does. Remove the AES exception
for not using the maximum (256) but a hardcoded 128.
commit fe50a76e9701dbbeb50d294f0d126fb47b35c798
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Dec 5 20:22:35 2013 -0500
whack: change --debug-klips to --debug-kernel to match pluto args
commit 909c15573e0d9551ea7c8ad3516ce6b3e893e224
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Dec 5 20:21:09 2013 -0500
IKEv2: Allow GCM proposals without INTEG, improve logging
Ensure an integ none transform cannot be in a set with another integ
transform. Ensure GCM has either no integ or integ non transform.
Added ikev2_enc_requires_integ() for some deduplication of code.
Fix logging in spdb_v2_match_child that swapped "failed/success"
commit 97f6b9d930b6b8b67f9bc0c31215874d0c7cdc90
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Dec 5 20:20:27 2013 -0500
IKEv1: remove addition of GCM salt bytes, de-uncrustify some mess
commit 8e2013f667d3ee40d219bebd93f641b6cbbdb650
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Dec 5 20:19:52 2013 -0500
xfrm.h: sync up with latest kernel version (adds XFRMA_SA_EXTRA_FLAGS)
commit 1edbaca1c539ef5fd31c6865d9e16a0da44a1b28
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Dec 5 20:18:45 2013 -0500
netlink: Rmove addition of 4 bytes of GCM salt - improve debugging
Log registration failures for esp and ike (CCM/GCM register calls are here)
commit fd8c7cd568047ab397d685cf53711ed4d20c66ec
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Dec 5 20:17:39 2013 -0500
kernel.c: setup_half_ipsec_sa() add GCM cases to add 4 byte salt
Also remove a bunch of debugging errors in favour of a passert()
commit 47895de58b579ee13865cc92bdc3654e9f7cfbbb
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Dec 5 20:16:28 2013 -0500
IKEv2: abort failed IKE without a bodged continued attempt to build a packet
commit 0e451a825793e478bd1b00358011a78bf8ca9b9a
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Dec 5 20:14:00 2013 -0500
IKEv2: add GCM salt addition to keymat size in ikev2_derive_child_keys()
Note instead of the old solution of changing key size from the configuration
or negotiation, we only change the keymat size. It's much cleaner than hacking
the key size all over.
commit 31dd604cc54005de1839499bcf2546faf460f4db
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Dec 5 20:12:43 2013 -0500
IKEv2: Added ikev2_sec_proto_id enum, moved AES defines, added comments
commit 1ace75f64622127572ed7ede06ddae9269753a13
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Dec 5 20:08:45 2013 -0500
testing: improve sanitizer for strongswan
commit 85aaad685ff2e6f36e893477a7e632fcdacca0d7
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Dec 5 20:07:38 2013 -0500
testing: added interop-ikev1-strongswan-04-psk-aes-gcm which passes
commit ecffe00c65c51289044eef4c0810576c8735c2a1
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Dec 5 19:30:32 2013 -0500
testing: interop-ikev2-strongswan-09-psk-aes-gcm passes
commit 6de4277f254776c6e1963ecf3b03145199104cb9
Author: Matt Rogers <mrogers at redhat.com>
Date: Tue Dec 3 21:31:32 2013 -0500
x509: remove unnecessary NSS function call
load_cert_from_nss() tries two different calls to find the
certificate. Since we only use the cert nickname, the
CERT_FindCertByNicknameOrEmailAddr() call is not needed,
and it uses PK11_FindCertFromNickname() internally
anyways.
commit 9b3445db4a41e3e0cf5bd1d96237baa5f3ba8899
Author: Matt Rogers <mrogers at redhat.com>
Date: Tue Dec 3 17:11:43 2013 -0500
x509: fix for https://bugs.libreswan.org/show_bug.cgi?id=116
Abort loading a connection if the certificate specified by
leftcert or rightcert is not found in the NSS db
commit a5eb51dccb7ce08dda07adec798e2516e80c4a98
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Mon Dec 2 01:54:42 2013 -0500
minor tidying
commit 630e938773b233f77fc4494fc8dbf2c3ac94253a
Merge: b33de97 2fabc80
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 30 21:36:58 2013 -0500
Merge branch 'master' of vault.libreswan.org:/srv/src/libreswan
commit b33de97b492eb10ba95e1224dbf5bfa9d657538d
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 30 21:36:07 2013 -0500
ikev2: no longer abort (and crash) on STF_INTERNAL_ERROR
This is now the same as IKEv1, which also does not crash on these.
commit 523ee509f7110862dd497027a58dd327c40ad804
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 30 21:35:35 2013 -0500
ikev2: some out_srtuct various used bad return_on() macro or ignored return code
commit 22797771dbaef8364dd9696374474a9d187e43eb
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 30 21:35:02 2013 -0500
uncrustify anomaly
commit af7fe58fffe50e01da1a16525702991da9032419
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 30 21:33:04 2013 -0500
clarified some fields and added enums to ft_enum entries that missed it
Note that ikev2trans_fields has a field for IKEv2 transform ID but
we cannot enum that because its exact ID type depends on the
transform tye (enc 0, auth 1, integ 2) and the lists of these are
slightly different (for AUTH_NONE with integ)
commit 7a3ade76a3385a90d7ef3e33a7467a7945c3ae26
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 30 21:32:28 2013 -0500
changed two enum_name()s to enum_showb()s
commit d57d871dc1e7a3176956a29c82b3d5bf1592a6cc
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 30 21:31:36 2013 -0500
ikev2_trans_type_encr_names upper entry wasn't updated.
So we were missing entries between IKEv2_ENCR_AES_CTR and
IKEv2_ENCR_CAMELLIA_CCM_C.
commit c8f70b512eb88bcc872e1d4b50195e1851303152
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 30 21:31:15 2013 -0500
added comment
commit 2fabc80d3e764b97056cf97fba8acdd884493e32
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Sat Nov 30 14:00:32 2013 -0500
simplified programs/pluto/ike_alg_serpent.c's do_serpent
commit 4631e29cf3ecf11dc8b674667aaaaf2ac034465b
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Sat Nov 30 13:58:42 2013 -0500
make aead_algs const; fixed collateral damage
commit e9f5b0febbeab44773cc577ff55a3b43b6c6fc19
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Sat Nov 30 13:28:14 2013 -0500
fix spelling
commit b8c20ae97b1f7896bb939697cfd264bbe9d3a6ef
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Sat Nov 30 13:05:43 2013 -0500
rename ike_alg_find and ike_alg_ikev2_find to ikev1_alg_find and ikev2_alg_find
commit 97b157f82b8b903c7a43779fbf15eab9cf0ca791
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Sat Nov 30 12:48:52 2013 -0500
- eliminate unused third parameter "keysize" of ike_alg_find and ike_alg_ikev2_find
- turn some ike_alg_add checks into passerts
- eliminate vestigial return value from ike_alg_add
commit 121e03b174ecb1bfdda83f71026419aa9f2c6230
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 30 11:45:59 2013 -0500
Changed remaining plog() to libreswan_log() in programs/pluto
commit 224dc5c5ed647b579007e40a4ef909923a3db507
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 30 11:43:51 2013 -0500
clarify already existing registered IKEv1 vs IKEv2 algorithms [Hugh]
commit 34f11b0d0184d475f16f9959aadc13c1847552cf
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 30 11:30:06 2013 -0500
remove an extern that has been made static
commit 248a2d4a8b15df241451aa281b651fa92cd931fd
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 30 11:29:39 2013 -0500
testing: update known good output for ikev2-algo-03-aes-ccm
commit 711150b46fc2d68f13ae808dbb41324cf8b4609b
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 30 11:28:54 2013 -0500
added aead sanitizer to netkey-xfrm-sanitizer.sed
commit 053be8d5f08de69168420d0e02e1f3744eacd79e
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 30 11:27:37 2013 -0500
v1tov2_encr() translation table for IKEv1 - IKEv2 had missing entries
There was no entries for camellia, twofish, serpent.
commit 7fc9e3f4d7a1711bb22846fe7b822faa5a581db8
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 30 11:26:56 2013 -0500
strip_prefix() was not stripping a leading underscore from names
commit 3f7dfe35af132c92e364aa7d178fcd23b2917748
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 30 11:26:31 2013 -0500
kernel_netlink.c: make some more functions static.
commit 9d87c718833cc14f6ba02a3b70cef7a22946ac4c
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 30 11:25:37 2013 -0500
fixup various encrypt_desc structs (twofish/serpent)
Ensure they all have a IKEv1 and IKEv2 id, name and officname.
commit b29cfbcfd1c177da8bdacda76a9b6382eaf38b69
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 30 11:24:16 2013 -0500
fixup ike_alg_add() - don't use ikev2-only check
Also changed the struct member enum ikev2_trans_type_encr algo_v2id;
to a u_int16_t because it is used for both encr and hash algo ids.
commit d771bb6116ed716d5e68248337f1356e284bb843
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 30 11:23:09 2013 -0500
kernel_alg_add: print esp_transformid_names for easier debugging
commit 6ee2e1b144abb79551be777aedb9d8c1c49605f5
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 30 11:21:46 2013 -0500
add serpent/twofish defines for IKEv2 IKE algos
commit dcec5e477d3c559ebe69a9f324421c377b82d814
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 30 00:39:30 2013 -0500
testing: fix netkey sanitizer to not strip out "spi"
commit f63afc521790bd94d3152a92fa0d0497e63deeac
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Nov 29 22:18:55 2013 -0500
Deleted final remnants of unused programs/pluto/ago directory
commit 4f6f6500dcdefdc93cf6b8bdcd164912a9adf04d
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Thu Nov 28 17:12:44 2013 -0500
bring pfkey_lib_debug back out of #ifdef __KERNEL__
Signed-off-by: Paul Wouters <pwouters at redhat.com>
commit a5f2e5439e0298540b0d8e8113e78b782de15853
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 28 17:10:26 2013 -0500
testing: dpd-01 updated to test without using trigger traffic
commit 300069920ed5acbd0d78bc0e857aa19e306e5caa
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 28 17:09:34 2013 -0500
testing: Added dpd-01-netkey
It currently shows an odd transport mode policy after DPD failure
commit 9b7dcc7717eeb88e76eec25f1634ebe4a3f557b1
Merge: c89a4be e396cd5
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 28 17:06:46 2013 -0500
Merge branch 'master' of vault.libreswan.org:/srv/src/libreswan
commit c89a4be93869cc9ff7689999d343cddc5a0bd91b
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 28 17:05:18 2013 -0500
Update IANA/IETF values, remove OAKLEY_SHA alias, refuse loading numbers with no names
commit 937225f592a6a40cb8e7b54547976aba00ad3986
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 28 16:10:36 2013 -0500
typedef int bool in libreswan.h conflicts for KLIPS
Used an #ifndef __KERNEL__
commit 806fea550bd1982894b97963d14276871a32920b
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 28 15:33:28 2013 -0500
testing: dpd-01: changed to verify tunnel establishes without trigger traffic
commit 9b2cd32779c30dfbd6fa15f06169a8ad28aad3a4
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 28 14:51:14 2013 -0500
testing: Created netkey-xfrm-sanitizer.sed and added to default list
commit e396cd58a901e3d12ef8bd7249a054ec919a4d19
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Nov 27 00:13:03 2013 -0500
v2_delete_my_family: rename local variables to make code clearer
commit ef8f9d77b3a02146b605751d2587cd37f90420d4
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 26 23:24:15 2013 -0500
Rename some trans attributes with ikev2_ prefix, fix ipsec status
ipsec status displayed states assuming IKEv1 algorithms. It now
properly uses IKEv2 names for the IKEv2 values, and added the IKEv2
only PRF value as well.
More consistent and clear enum names in constants.c, trying to match
IANA where possible.
commit a42c39b23cee6a759986fba73e66c5733e3b0a66
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 26 23:22:18 2013 -0500
IKEv2: Added new IANA enc algos to ietf_constants.c
commit aeef7f7399c2107d2767ba1f95c9bf0668568f59
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 26 21:14:23 2013 -0500
pluto: rename trans_type_* enum_names to ikev2_trans_type_*
commit 996b826f096686b5efcbf531b00b4f60bf805151
Merge: 4a9b80c aa8062e
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 26 19:57:34 2013 -0500
Merge branch 'master' of vault.libreswan.org:/srv/src/libreswan
Conflicts:
CHANGES
programs/pluto/ikev1.c
commit 4a9b80cfbfcee4dc72802c7514289d65a7833f5f
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 26 19:56:08 2013 -0500
update changes
commit cec507a5ac45daa89c0f28c43b86c770e6520a60
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 26 19:51:19 2013 -0500
pluto: change ipsec_notification_names to ikev[12]_notify_names
commit 4046feed17916601aa3b8aeec151cf00b85cf1b2
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 26 19:50:38 2013 -0500
testing: various test case updates
commit 7ea3b0261e8ec3f6b7d0983af15a081fb9482842
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 26 19:49:38 2013 -0500
testing: strongswan needs an additional sanitizer in testparams.sh
These use the default-testparams.sh and than add the strongswan
sanitizer.
commit 4e43e6a9fb46c9bd66d06383603e49e3b88cd367
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 26 19:48:17 2013 -0500
testing: added strongswan sanitizer
commit 2899351224fe2940aec37d7656e1e392c0fe07f0
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 26 19:46:49 2013 -0500
SECURITY: Properly handle IKEv2 I1 notification packet without KE payload
commit aa8062ed6bcd4e4a5ee516d8389beaba7b606507
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 26 19:40:39 2013 -0500
update changes
commit 0342fcc294599fb419478eea20680911521798f6
Merge: dc2fb3d 677f256
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 26 19:36:57 2013 -0500
Merge branch 'hugh-wip' of vault.libreswan.org:/srv/src/libreswan into hugh-wip
commit dc2fb3db2902d1a6d9c5fd566bfc016d8f019564
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 26 19:36:34 2013 -0500
Comments: Clarified some IKEv2 delete SA code
commit 677f2565d920c6ed171130544a14c2cfc8b6022a
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Nov 26 19:10:48 2013 -0500
v2_delete_my_family: fix assertion mistake
commit 8f9e0345f3cc546a9d235d1ba6139098d0959a07
Merge: 05ebb0e daf45e1
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 26 14:14:06 2013 -0500
Merge branch 'master' into hugh-wip
Conflicts:
lib/libswan/lswconf.c
commit 05ebb0eb2493f9c8d6473d996c6732e765177bd7
Merge: 7db45e3 6561b56
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 26 13:57:54 2013 -0500
Merge branch 'hugh-wip' of vault.libreswan.org:/srv/src/libreswan into hugh-wip
commit daf45e1b7e22c9346778af9a89bc6e7cd197db94
Merge: 2b3082a cd36d5d
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Nov 25 13:24:26 2013 -0500
Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan
commit 2b3082a7cd787c4c6e285257706404759901fae4
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Nov 25 13:24:02 2013 -0500
testing: added sanitizer labeled-ipsec.sed
commit cd36d5d19290fd8dbd9102c10d8226e439641bc5
Author: Matt Rogers <mrogers at redhat.com>
Date: Sun Nov 24 22:08:17 2013 -0500
x509: Minor formatting cleanup
commit ecd8ec090a8c6c50b2d3137aff6bbf6d5d9c69eb
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 23 13:25:24 2013 -0500
testing: updated three more test cases
commit aef70a8d0860d768c107a6483ec76e1cc989daaf
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Nov 22 14:57:17 2013 -0500
testing: added basic-pluto-13 for esp=cast128
It seems NETKEY/XFRM also does not support this (anymore? yet?) or there is a bug
with respect to the name (cast vs cast128?)
"westnet-eastnet-cast128" #2: ERROR: netlink response for Add SA esp.fe470ce2 at 192.1.2.45 included errno 38: Function not implemented
commit 7aff57ee134840e0bfc851f366e87be1f46c8c61
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Nov 22 14:42:49 2013 -0500
testing: added basic-pluto-12 which tests esp=camellia
commit 90fac12b4770bcb2ccb25db8fb656e9ee80c24ab
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Nov 22 11:32:59 2013 -0500
updated changes
commit 3e261712ebc05e1396b793bfccdc936414ba4bfd
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Nov 22 11:30:55 2013 -0500
KLIPS: Claim we do namespaces to make it work for the simple host case
commit ace99bdab9145cd23ce6cb5f1590291d34193be2
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 21 23:56:22 2013 -0500
updated changes
commit 1e81bff423242ca8e314a94eae4a858570be1729
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 21 23:55:24 2013 -0500
KLIPS: PDE_DATA() is also needed on 3.9 kernels
commit 3d9561b957507c81d2c01fa90e25beee1d6948fd
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 21 23:46:29 2013 -0500
testing: remove all testparams.sh so test uses default-testparams.sh
commit 25d1d7576030cd86208e593e3120a899b7531a4a
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 21 23:43:59 2013 -0500
testing: fixup 3 more test cases
commit 432f79d1cf6e54bf08c388decbbfd55ce7b6db94
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 21 23:23:40 2013 -0500
testing: fixup ikev2-major-version-initiator
Note that we currently only log:
Informational Exchange must be encrypted
We should show more details, in this case it would reveal the true
error is INVALID_MAJOR_VERSION
commit 93e80fb1cd1ebce0a271bea3433d38ba19ed4a92
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 21 22:00:17 2013 -0500
ikev2: created build_ike_version() to consolidate IKE version code
commit b602a672fd930ec9b7fcd0d35e8480fedb365910
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 21 21:59:22 2013 -0500
testing: added new syntax of ping to fixups/host-ping-sanitize.sed
commit e55d607afa7b2ae0c35cf6a2c14afc57594f6d03
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 21 21:58:54 2013 -0500
testing: added labeled-ipsec.sed to default-testparams.sh
commit e32250a268009c4cd41d14bb0f6145cb21343f67
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 21 21:58:30 2013 -0500
testing: updated output for ikev2-01-fallback-ikev1
commit 9da583f1c1d045a7914b12447ce599bd584f65ad
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 21 21:57:41 2013 -0500
testing: updated outpur for basic-pluto-0[1234]
commit d98b6946e6c97c848966cc50bc502cf3e6c16499
Merge: 349d03d c3699d4
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 21 21:54:10 2013 -0500
Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan
commit 349d03df5392dd92049abdc494891be5c049a1ac
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 21 21:53:53 2013 -0500
updated changes
commit 96495d1c78c205b9e08b3567b150514177895866
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 21 21:51:08 2013 -0500
NETKEY: Add esp=twofish and esp=serpent as valid ESP algorithms
commit 0a66406546c0afd200d5d07a61522173c045bd0f
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 21 21:49:17 2013 -0500
testing: fixed twofish and added serpent test case
commit 5efb4553050a2511656fee152a0f1a52be48d59e
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 21 20:21:58 2013 -0500
testing: fixup add filter for new AVX or AES-NI kernel output
commit c3699d4353fe2e21337cefeef0e36a1b8a909d60
Merge: 733887c 0dd632b
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 21 15:54:48 2013 -0500
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit 733887c08e0c074b6d6660c3a7e649c353bd03e8
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 21 11:57:59 2013 -0500
update changes
commit 88ed7600fb8581514b80a56aececd2b54fba4e4e
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 21 11:56:26 2013 -0500
barf: don't load l2tp kernel modules and use new syntax (rhbz#1033191)
commit 0dd632bddddca70eff73e07ece9f77f7adb35314
Merge: 47dd412 1688f77
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Nov 20 12:18:53 2013 -0500
Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan
commit 47dd41230049daff941a8429e6791ce9badaf554
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Nov 20 12:17:30 2013 -0500
testing: dont bring up dhcp/eth3 on nic per default on fedora/rhel
It causes us to route the eastnet when pinging from north, introducing
the eth3 IP in the output. Leave it there to manually bring it up.
commit 1688f7768c0dacf371a7df6a32cc39981c91b3ab
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Nov 20 12:15:01 2013 -0500
testing: support a global testparams.sh
if there is no per-test version, use the global one. This gets rid
of most testparams.sh per test and makes it easier to add a filter
to all tests (eg like i just did for labeled_ipsec and a different
ping output)
commit e0b6ac07279d65e3103ba5b6bfe27674c0826e96
Merge: 2687153 bd2e9ba
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 19 18:28:11 2013 -0500
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit 26871534ff8b4581c50004844d8387967e74d7f1
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 19 18:23:27 2013 -0500
testing: log labeled_ipsec info as "no" to ease testing output
This makes testing output the same regardless of whether we were
compiled with USE_LABELED_IPSEC (which requires SElinux which is
not available on debian/ubuntu)
commit 76ba9e855301a574f8c1167920ed6fc44c5c6171
Merge: efead90 bd2e9ba
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 19 17:52:41 2013 -0500
Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan
commit bd2e9ba3381f9f78a4368d0155db916e974929ac
Author: Tuomo Soini <tis at foobar.fi>
Date: Tue Nov 19 19:44:24 2013 +0200
CHANGES: 87edb2e1813fd320ce7b85711b1f92ad905c12cd
commit 87edb2e1813fd320ce7b85711b1f92ad905c12cd
Author: Tuomo Soini <tis at foobar.fi>
Date: Tue Nov 19 19:41:42 2013 +0200
setup: fix systemd init detection
commit 7829e69bc32c68cc35b921fcdd83b6d84cdb97d0
Author: Tuomo Soini <tis at foobar.fi>
Date: Tue Nov 19 18:16:44 2013 +0200
CHANGES: b89d42d3fbbdaaef13883ef02bf9f295155075b6
commit b89d42d3fbbdaaef13883ef02bf9f295155075b6
Author: Natanael Copa <ncopa at alpinelinux.org>
Date: Tue Nov 19 15:25:41 2013 +0000
initsystems: fix typo in openrc script
Signed-off-by: Tuomo Soini <tis at foobar.fi>
commit efead90bd34bb634e827a42492a7385a10155a06
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Nov 18 18:25:42 2013 -0500
testing: known good output for replay-authip-01
commit 55efcab981bc38c6540ce35d075319b6e6dd2b0a
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Nov 18 17:50:40 2013 -0500
ikev2 impair testing: remove use of hardcoded IKEv2 BUMP defines
Use DBGP(IMPAIR_MINOR_VERSION_BUMP) and DBGP(IMPAIR_MAJOR_VERSION_BUMP)
instead.
commit 64f7454f2b68414438077771d532be615e0fa9eb
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Nov 18 17:44:52 2013 -0500
testing: update ikev2-major-version-initiator
commit fc8d5aee00c7814d67932b87f3e155f89af084cb
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Nov 18 16:04:34 2013 -0500
updated changes
commit c24864394729bfea0cff597bee7dbefb61199d50
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Nov 18 16:03:22 2013 -0500
ikev2: in R1 don't copy their IKEv2 minor for our reply packet
They might be running IKE 2.1 while we only do 2.0, so our reply
should be based on our minor, not theirs.
commit b99e6aa5b1d2dddf910b15562c60d4559427526a
Merge: 13f9419 6a5e804
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Nov 18 15:59:56 2013 -0500
Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan
commit 13f9419eef2ec91791f88f3dd26a54205c5a315d
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Nov 18 15:59:04 2013 -0500
testing: added two new console outputs for dpd-04
commit 353c940917c7617d5b26e03056ef3f39071d9f9b
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Nov 18 15:58:12 2013 -0500
testing: added replay-authip-01 test case
This tests a crasher found only in libreswan-3.6
commit 6a5e804f408bcdef564bb6756f4f2389ba270d13
Merge: 8190db0 747da32
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Nov 18 14:31:02 2013 -0500
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit 747da32b252e334608373046a92682fc3424c80e
Merge: 2628cd9 e2c20c6
Author: Tuomo Soini <tis at foobar.fi>
Date: Mon Nov 18 20:18:15 2013 +0200
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit 8190db0b58f0d43b66670f1542822fdab922b348
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Nov 18 12:38:31 2013 -0500
updated man page for ipsec.conf with information by Richard Haines
commit e2c20c609fcc24af31a95ec22a04f0274921becb
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Nov 18 11:24:31 2013 -0500
updated changes
commit 889686bb88f5ee10c30e7fd3110816b0832036ef
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Nov 18 11:24:02 2013 -0500
added two comments
commit ef5c5fdef5f8c61fe232af2aff0b3ac9b6c3b39c
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Nov 18 11:23:18 2013 -0500
updated changes
commit 2628cd9f7952947cac33d1b3cd7cf30f3db7c98a
Author: Tuomo Soini <tis at foobar.fi>
Date: Mon Nov 18 18:19:33 2013 +0200
lswconf: fix formatting
commit 0b121326657f82f94d391e1031e286dc5f318d4d
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Nov 18 10:10:27 2013 -0500
labeled ipsec: Set the default secctx attribute value to 32001
(that's a private use assignment)
commit 057f3a13a4bdc29e4194bb1e187c45c63f25bf27
Author: Tuomo Soini <tis at foobar.fi>
Date: Mon Nov 18 18:08:47 2013 +0200
lswlog: fix formatting of comments and too long lines
commit 3cdde9edd306be33056aa723628fc29104d76098
Author: Tuomo Soini <tis at foobar.fi>
Date: Mon Nov 18 18:05:11 2013 +0200
lswconf: fix logging in selinux disabled case
commit 8e65f910fd1be2fea7032a656c533cac1ce40a79
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Nov 18 01:29:10 2013 -0500
testing: fixed output for ikev2-minor-version-initiator
commit 7a480f96e524eff9ac5466c2b987009a5bc2d1ed
Merge: dafe436 995352f
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Nov 17 19:32:04 2013 -0500
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit 995352f6b7e6904256b2f51e1bbc4455b05d0ba2
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Nov 17 19:19:18 2013 -0500
testing: updated 4 ikev2 test cases
ikev2-algo-01-modp2048-initiator
ikev2-algo-02-modp2048-responder
ikev2-algo-ike-sha2-01
ikev2-algo-ike-sha2-02
Mostly for the blowfish/twofish changes, statsbin, myid, jiffies
layout changes
commit 9b31deafbdbf0c2206358dfbf2d4e343e365f23f
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Thu Nov 14 23:59:14 2013 -0500
SECURITY: Do not inspect or continue on very short packets
Code introduced in Openswan to ensure the IKEv2 minor was ignored
introduced a vulnerability that caused mangled short IKE packets to
be processed as valid IKE packets despite in_struct() returning a
failure, resulting in pluto crashing and restarting.
Reported by Nick Howitt.
Additionally, with the introduction of IKEv2, incoming packets always
assumed it could at least read the IKE Major version number, and would
crash when the packet was overly short and did not contain such a number
This patch ensures the code not attempt to read the IKE version and might cause an
IKEv1 packet to be sent as response to a badly mangled IKEv2 packet, as
we default to IKEv1 for this type of error. It also no longer skips aborting
a failed in_struct() read.
It turns the version number in a loose enum.
Signed-off-by: Paul Wouters <pwouters at redhat.com>
commit dafe436ea3484f29febd83f61fb6a86b9b40cbae
Merge: d66fa81 1fd9e8c
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Nov 17 13:46:02 2013 -0500
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit d66fa81aad208a6fccef6aa9e4bcf1842db2def0
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Nov 17 13:45:08 2013 -0500
disable debug in vendorid_init accidentally enabled in previous version
commit 8e613a1e3b077e25c37f97cfad2ff0b328f122d8
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Nov 17 13:44:55 2013 -0500
update changes
commit 1fd9e8c0d344c43f942dca67fd9f354d83355cd8
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 14 16:08:27 2013 -0500
Disable vendorid logging accidentally enabled in previous version
commit 42d76050296d6eabaf1b46c9685da8f3e283a07d
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 14 13:12:00 2013 -0500
update changes
commit e9ba211b8c85352b7ca24c0fc17de205a7d44541
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 14 13:07:16 2013 -0500
secrets: Log glob failing for secrets parser as warning, not error
This ensures that "ipsec secrets" or "systemctl force-reload ipsec"
does not return with non-zero, which is interpreted as failure.
commit 6561b56a268109693a1e9305a5f14757e4bd0f21
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Thu Nov 14 00:25:04 2013 -0500
make constants.h definition of bool conditional so as not to clash with libreswan.h
The definition ought to live one place.
commit 0e16cb3f6c444ea9db2d139cd084681219fad0f9
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Nov 13 23:48:31 2013 -0500
dodge differences between bison 2.5 and bison 2.6 output
commit be42bab8d9cd1e5ada74ab6156d33063dfd52da5
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Nov 13 22:12:46 2013 -0500
prevent double inclusion of partser.tab.h
commit dd4a8a82a802e85fa54e19cca536967ec0e42581
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Nov 13 16:18:01 2013 -0500
Previously unused v2N_INVALID_SPI had a typo in its name.
It was mistakenly called V2_INVALID_SPI.
commit cc47a1da5d758e9fe7c142b67797d42dcb1d4615
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Nov 13 16:13:27 2013 -0500
updated changes
commit 4a3790ce057fa61af70d60ad7ec57534956c1900
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Nov 13 16:12:07 2013 -0500
IKEv2: Fix some error codes that mistakenly used IKEv1 versions
Some of these actually were not defined for IKEv2 (reserved) although
most of these have the same value for IKEv1 and IKEv2
commit d5afaf96a29a59966cfb47d9f2a4fbc189717645
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 12 23:31:56 2013 -0500
updated changes
commit ce04a0afc244ec1421d305772587c2896d80de8d
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 12 21:42:55 2013 -0500
fortify IKE major code for mysterious crasher
commit bf67f09cb6566530c46d0294aa607a663fa64f1c
Merge: 17a040c 7dcdd5a
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 12 21:23:07 2013 -0500
Merge branch 'master' of vault.libreswan.org:/srv/src/libreswan
commit 7dcdd5ab9a92269965f7ad51810dabee4cc32042
Author: Matt Rogers <mrogers at redhat.com>
Date: Sun Nov 10 23:41:16 2013 -0500
IKEv2: Check for inbound traffic before sending liveness exchange
This is the intended RFC behavior, and will result in
exchanges being sent only when needed.
commit 7db45e3b2c134328dfd2c8e48d99c16566471787
Merge: 60203fa d118cb6
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Nov 10 06:16:53 2013 -0800
Merge branch 'hugh-wip' of vault.libreswan.org:/srv/src/libreswan into hugh-wip
commit fab873513f3a15bd3a57b4fdda576ff69e60740d
Author: Tuomo Soini <tis at foobar.fi>
Date: Sun Nov 10 10:17:23 2013 +0200
CHANGES: update for 31e2af055cb51a51651661ad5fff146418eb7c5c
commit d118cb69862ae1689fabcc80290b01b89c612a82
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Sun Nov 10 01:39:57 2013 -0500
rejig parser header files to improve modularity
commit a0618cc569a87e6e117b81fbb9df5e436fa04bdd
Merge: 805ff7c 1c2e01a
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Sat Nov 9 17:45:32 2013 -0500
Merge branch 'master' into hugh-wip
commit 17a040c7097f3ad51fd7afbc8d3f830e11aeb587
Author: root <pwouters at redhat.com>
Date: Sat Nov 9 13:26:59 2013 -0800
Fix a bugreference back to openswan
It got replaced to libreswan in the Great Rename
commit 60203fa0feba9942b1bb97a126bec46b658e5e59
Merge: 2120485 1c2e01a
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 9 10:24:42 2013 -0800
Merge branch 'master' into hugh-wip
commit 2120485cc9f72bf7f825f929cd1f42471e553369
Merge: c47e8e7 805ff7c
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 9 10:24:35 2013 -0800
Merge branch 'hugh-wip' of vault.libreswan.org:/srv/src/libreswan into hugh-wip
commit 1c2e01a1345ebe36161854453ea1b179a72cea70
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 9 10:23:58 2013 -0800
set ISAKMP_NEXT_ROOF to ISAKMP_NEXT_v2ROOF to squash a warning
commit 2a24981e64ea66656e9a91998dd60285c0634dcb
Merge: 31e2af0 ef2d756
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Nov 8 15:45:48 2013 -0500
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit 31e2af055cb51a51651661ad5fff146418eb7c5c
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Nov 8 15:45:16 2013 -0500
typo in contributor name
commit ef2d756e73a188401c36133c2e2f7ce4f3c6ae55
Author: Tuomo Soini <tis at foobar.fi>
Date: Fri Nov 8 10:35:00 2013 +0200
packaging: SECURITY, insecure temp files on rpm package installation
commit 805ff7c15f3618c6c8ca7c8c20d5af86a5aa6c8d
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Fri Nov 8 02:43:26 2013 -0500
Better modularity discipline
- add -Wmissing-declarations to warn when an external is being defined
without a declaration. Each external should be declared in exactly one
header and this catches most failures. It also catches some things that
should be file static.
- added -Wredundant-decls to catch things declared twice.
Oddly enough our code base did this. A bad sign of
"who knows where this belongs?".
- added -Wnested-externs to catch extern declarations
inside blocks. These are legal but bad form.
- made many changes to fix the things caught by these tools
- eliminated NO_DEBUG. This required some fancy work with
exit_tool declarations and definitions. I'd like to
eliminate it but it is used in testing/ in a way I don't
understand.
- deleted some unused functions (discovered when converted to file static)
- fixed declarations "liberswan*" to "libreswan*"
Still to do:
- still some mess due to the ill-disciplined nature of declarations
generated by bison and flex. We can do better, but I haven't
gotten there.
- further progress towards a one-to-one correspondence between .h and .c
files.
- discover unused externals
commit a83c86294dad798bbc5869e5e86fd0aa9e86391c
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 5 19:41:23 2013 -0800
updated changes
commit a4e01e553813f23a81c81e7ebb0967edc46db59f
Author: Thomas Geulig <geulig at nentec.de>
Date: Tue Nov 5 19:39:36 2013 -0800
KLIPS: Fix for crashes in ipsec_xmit_ipip() for 3.4.65+ kernels
ip_select_ident() function API changed.
Signed-off-by: David McCullough <ucdevel at gmail.com>
Thanks to Roel van Meer <roel.vanmeer at bokxing-it.nl> for testing
and feedback on the patch.
Signed-off-by: Paul Wouters <pwouters at redhat.com>
commit c47e8e7b1c4bc6f468b81e184278ffce9ffe422c
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 2 23:12:39 2013 -0700
fix two #if's to #ifdef's. Although both are dead code.
The confread one is an extra debug one could enable.
The PFKEY_PROXY one I'm not sure if that has ever been used for anything.
commit 91118b70f0ec39f9e79680b445a05b548f690747
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Sun Nov 3 01:04:04 2013 -0500
changes inspired by warnings generated by -Wshadow
commit 4ed267fbc56cf2904a3a9c100c00f53b6c7361ed
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Sun Nov 3 01:02:37 2013 -0500
make crypt_mutex file static
commit 8e2ced0391a7ad70333b8183830f6a99371626ff
Merge: ffeaeda 5198a7f
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Nov 2 13:11:40 2013 -0700
Merge branch 'hugh-wip' of vault.libreswan.org:/srv/src/libreswan into hugh-wip
Conflicts:
lib/libswan/constants.c
commit 5198a7fc439dd6fbeb6c8a9b323eb93b54140c71
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Fri Nov 1 17:28:27 2013 -0400
trim trailing whitespace that has crept in
commit aa7e0e16a39fc4bdade7778220f630bc30ce2fba
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Fri Nov 1 17:13:19 2013 -0400
fix indentation
commit d2a39e59a145ee183bfa9b1ed749c95047a9f322
Merge: 6e1587c 3fd4906
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Fri Nov 1 16:14:21 2013 -0400
Merge branch 'hugh-wip' of vault.libreswan.org:/srv/src/libreswan into hugh-wip
commit 6e1587c08f1c2cf45fe65069f47bf0b74360fae3
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Thu Oct 31 02:19:37 2013 -0400
- delete programs/pluto/ikeping.c: its exports were not used
- C programmers should not normally define identifiers with a leading underscore
- make more things static
- undo some bad uncrustification
- simplify and clarify some code
commit fb9fe2c444df6d75b7f883b9eb9015d903e4b659
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Oct 30 16:38:11 2013 -0400
- make more things file static
- rationalize placement of declarations
- delete vestigial programs/pluto/ike_alginit.c
- eliminate a couple of GOTOs
- eliminate race-like bug in programs/pluto/ike_alg_status.c
commit 5f80ab1a69f7fdfd3a361a512c2daee759f6ffe3
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 19:25:42 2013 -0400
- make more things in secrets.c and fetch.c file static
- delete some unused declarations
- #if-out lsw_has_private_key because it is unused
commit 4f8e3e8e059cbdb0d82cb738611c49e5348e69f6
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 17:05:06 2013 -0400
- Add copyright notice to dpd.h (just a copy from dpd.c)
- ditch unconventionally placed and unnecessary declaration of was_eroute_idle
- make p1_dpd_outI1 file static
commit b3e03fba2fc31bdc07ec1d0ad7855c80c3513e82
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 15:57:22 2013 -0400
- move declaration of adns_reapchild to dnskey.h from server.h
- deleted from server.h declarations of functions that no longer exist
commit 260c9db3f5a5fe89c7b4f9ac9f6958b80d2a9ea9
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 15:39:14 2013 -0400
delete unused cmp_chunk from defs.c
commit 1b9e6339ab94770f8e4a179d5f609be7286aab83
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 15:35:26 2013 -0400
make a few more things file static in connections.c
commit 032416b3a1f8dee8b4cbbd6a26141455fca89be5
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 15:17:35 2013 -0400
make eof_from_pluto file static
commit d6b8ca60af9e5c2e963e23ae8edca1ecd6adb481
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 15:14:49 2013 -0400
make empty_ac file static
commit 3ef006620f26b5572565ae65d1926b74cabc2824
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 11:03:08 2013 -0400
- fix typing of for_each_state
- fix some uncrustify damage
- reduce scope of some local variables
- remove some unnecessary IFs
- factored out child-killing code in ikev2_parent.c
- fix very bad assumption that all states on hash chain must be children of same parent
- added comment to explain state table better in state.c
- factored out common code in state.c for removing a state from the state table
commit 25ffc715b845499f5b46d9afb77f6a3b8f9c15ac
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 11:00:47 2013 -0400
add note about v2 calling cookies IKE SA SPIs in description of ISAKMP header
commit 3f1fbb25fe8d50a31b4fc54b36124e444a5e591b
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 10:55:50 2013 -0400
- make more spdb things file static
- local code clarification
- improve some comments
- fix some uncrustify damage
commit ad1a8e028f8c514b7917dfdc6a64047970735159
Merge: 6868576 2249af3
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Nov 1 09:50:07 2013 -0700
Merge branch 'master' of vault.libreswan.org:/srv/src/libreswan
commit 68685769da2bca1391e11da2b6732f9ea4300fa4
Author: Roel van Meer <roel.vanmeer at bokxing-it.nl>
Date: Fri Nov 1 09:45:06 2013 -0700
KLIPS: NEED_UDP_ENCAP_ENABLE needed for 3.5+, not3.4
Signed-off-by: Paul Wouters <pwouters at redhat.com>
commit c95bf60cc3af6c9f691d08518f40f9a65f327f0e
Author: Roel van Meer <roel.vanmeer at bokxing-it.nl>
Date: Fri Nov 1 09:42:51 2013 -0700
building: support for slackware version/init system detection
Signed-off-by: Paul Wouters <pwouters at redhat.com>
commit 2249af340768f5486ec4ecbd33b06212f032f0f1
Author: Tuomo Soini <tis at foobar.fi>
Date: Fri Nov 1 09:00:41 2013 +0200
CHANGES: fix release data of v3.6
commit ffeaeda5cdfce731918677d2d9b368eca4dc6d5f
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Fri Nov 1 00:56:07 2013 -0400
clean up enum and set printing
- make non-re-entrancy warnings clearer
- added re-entrant enum_showb
- use enum_showb to fix enum_show usage bugs
- added strip_prefix and used it to fix hacks
- removed pointless NULL entries in name tables
- marked NULL terminators of bitnamesof tables
- tidy
commit 1ba6cdd52dcee32105fde939c031440e471c8cce
Merge: 51cfae7 3fd4906
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Thu Oct 31 21:26:37 2013 -0400
Merge branch 'hugh-wip' of vault.libreswan.org:/srv/src/libreswan into hugh-wip
commit 51cfae760bd5561bf0d4ee8e3a27e57f4770df6f
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Thu Oct 31 02:19:37 2013 -0400
- delete programs/pluto/ikeping.c: its exports were not used
- C programmers should not normally define identifiers with a leading underscore
- make more things static
- undo some bad uncrustification
- simplify and clarify some code
commit 07bb55cb50826511f2cea445288a284d5e0ce4ee
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Oct 30 16:38:11 2013 -0400
- make more things file static
- rationalize placement of declarations
- delete vestigial programs/pluto/ike_alginit.c
- eliminate a couple of GOTOs
- eliminate race-like bug in programs/pluto/ike_alg_status.c
commit c4710e706510cc36fc71d421c38a09dbb0d0b335
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 19:25:42 2013 -0400
- make more things in secrets.c and fetch.c file static
- delete some unused declarations
- #if-out lsw_has_private_key because it is unused
commit a3ab0b2014b3be08ee29c328e81bae9fe99b5848
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 17:05:06 2013 -0400
- Add copyright notice to dpd.h (just a copy from dpd.c)
- ditch unconventionally placed and unnecessary declaration of was_eroute_idle
- make p1_dpd_outI1 file static
commit 7413b2c222780f8d9041a25ab6c82213750ad489
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 15:57:22 2013 -0400
- move declaration of adns_reapchild to dnskey.h from server.h
- deleted from server.h declarations of functions that no longer exist
commit 3178ca5a1b4fb98ce173609638d7fe99345b6260
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 15:39:14 2013 -0400
delete unused cmp_chunk from defs.c
commit 6a275f534b93b0e9e7fd4d89222a65d794b59d52
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 15:35:26 2013 -0400
make a few more things file static in connections.c
commit 8796bc9e52b8405fe484dbf1b182dd5fda674154
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 15:17:35 2013 -0400
make eof_from_pluto file static
commit 0ecdc6766dc832bd29d0262398464af8f06f10d6
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 15:14:49 2013 -0400
make empty_ac file static
commit 36ccd7b0fce35be88bca6d75632066c6620b4d90
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 11:03:08 2013 -0400
- fix typing of for_each_state
- fix some uncrustify damage
- reduce scope of some local variables
- remove some unnecessary IFs
- factored out child-killing code in ikev2_parent.c
- fix very bad assumption that all states on hash chain must be children of same parent
- added comment to explain state table better in state.c
- factored out common code in state.c for removing a state from the state table
commit 45c5083d1351fb8d1da8c0b2fc772e1b0136591e
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 11:00:47 2013 -0400
add note about v2 calling cookies IKE SA SPIs in description of ISAKMP header
commit 07c7ac8ab714c04ec7bfa0720976e5dec3657f62
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 10:55:50 2013 -0400
- make more spdb things file static
- local code clarification
- improve some comments
- fix some uncrustify damage
commit 3fd49060a2278d14373ba873a5b3b22ae7b7f314
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Thu Oct 31 02:19:37 2013 -0400
- delete programs/pluto/ikeping.c: its exports were not used
- C programmers should not normally define identifiers with a leading underscore
- make more things static
- undo some bad uncrustification
- simplify and clarify some code
commit 2c75abedacdeaacbb2f24633f564b52a3c18b09b
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Oct 30 22:46:36 2013 -0400
updated changes
commit a9ddf554d2e01c78959e61fc0c880b5818ca32c7
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Oct 30 22:43:59 2013 -0400
ikev2: Fix ikev1 fallback when ikev2 fails
Confirmed by testcase ikev2-01-fallback-ikev1
commit 417ca2008167bd463a6ff8128b3488b25682d8fb
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Oct 30 22:42:15 2013 -0400
testing: updated ikev2 test cases
commit 20b6558b93a47aa6fead62b6a53bdf629cec0b4e
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Oct 30 16:38:11 2013 -0400
- make more things file static
- rationalize placement of declarations
- delete vestigial programs/pluto/ike_alginit.c
- eliminate a couple of GOTOs
- eliminate race-like bug in programs/pluto/ike_alg_status.c
commit 4986e9d210a3ba7633f0b569599d4905831d6bb6
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Oct 30 12:48:56 2013 -0400
testing: various ikev2 output updated
commit aba926bbcda1c1a6e36f4e9639073f92ce960e6f
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Oct 30 11:50:52 2013 -0400
pluto: disentange ikev2 transform from ikev2 next payload type
commit d576593a3259c5bd8ac5d7cedb39122eb93514c0
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Oct 30 11:47:21 2013 -0400
ikev2_x509: disentange an ikev1 value for an ikev2 value
We conditionally used ISAKMP_NEXT_CR (7) instead of
ISAKMP_NEXT_v2CERTREQ (38)
This could have caused us to fail to ask the remote for an x.509 certificate.
commit 3b98fdaa34bcb5d18be0ffed736687ebbeea1435
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Oct 30 11:46:48 2013 -0400
ikev2: fixup a use of ISAKMP_NEXT_NONE to ISAKMP_NEXT_v2NONE
commit ed0f4115d59c0655d13a422f35945743cf538470
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 19:25:42 2013 -0400
- make more things in secrets.c and fetch.c file static
- delete some unused declarations
- #if-out lsw_has_private_key because it is unused
commit a07cb292f53628608cb850058ac98b86c4e4f069
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Oct 29 17:56:55 2013 -0400
pluto: disentange ikev2 proposal from ikev2 next payload type
Don't re-use IKEv1 values. Introduced ikev2_last_proposal_names
to distinguish these from ikev1 next_payload_type
commit 2f2cfcfb2414e5faa69cf8e52dbca9f85d010852
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 17:05:06 2013 -0400
- Add copyright notice to dpd.h (just a copy from dpd.c)
- ditch unconventionally placed and unnecessary declaration of was_eroute_idle
- make p1_dpd_outI1 file static
commit 273c076ba18b55477d1e08b70fb6e46fdecf568f
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 15:57:22 2013 -0400
- move declaration of adns_reapchild to dnskey.h from server.h
- deleted from server.h declarations of functions that no longer exist
commit f5bf57a71d66d635116bc2f016d326e8ba8b1c4e
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 15:39:14 2013 -0400
delete unused cmp_chunk from defs.c
commit abc2131b8abd93a3b5d648ae1a84802ade085c37
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 15:35:26 2013 -0400
make a few more things file static in connections.c
commit 92d59ab17bfb0390ff3d118e90c6a1acf88495a3
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 15:17:35 2013 -0400
make eof_from_pluto file static
commit 3bce322b8d777a0bc79120df21243d6624bea917
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 15:14:49 2013 -0400
make empty_ac file static
commit 7ef370e218dda30bd592bfae4504ed4ca784e017
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 11:03:08 2013 -0400
- fix typing of for_each_state
- fix some uncrustify damage
- reduce scope of some local variables
- remove some unnecessary IFs
- factored out child-killing code in ikev2_parent.c
- fix very bad assumption that all states on hash chain must be children of same parent
- added comment to explain state table better in state.c
- factored out common code in state.c for removing a state from the state table
commit c97474d1233da80ad673c1aa0595b6a167159113
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 11:00:47 2013 -0400
add note about v2 calling cookies IKE SA SPIs in description of ISAKMP header
commit 82c00d5ded0218dec53b0c11f95948bf9d35a691
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Oct 29 10:55:50 2013 -0400
- make more spdb things file static
- local code clarification
- improve some comments
- fix some uncrustify damage
commit 7fbd9d854097cf32ba265a55634c12b496810a8c
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Oct 28 22:50:07 2013 -0400
testing: various test cases updated
commit bc8739a81d1c24c96fae19d80f10c68f3c24c5aa
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Oct 28 18:55:31 2013 -0400
testing: pluto-ipcmp-01 fixups
commit 5bacc5691f35cd5f7465c89f94e5e3bb29e7cfcc
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Oct 28 18:44:31 2013 -0400
testing: xauth-pluto-03 fixups
nicinit.sh was missing, minor status update, klips update, testparams.sh
was pre-kvm and v6 disabled per default
commit a6955911522432beeb6e7dfdd52646eda94d7c0c
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Oct 28 18:29:42 2013 -0400
testing: basic-pluto-04
similar fixups as other basic cases
commit c45aa03eb948f77b1430cd8524addf55420a7b04
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Oct 28 18:28:13 2013 -0400
testing: update basic-pluto-02
- same blowfish/jiffies/status output changes fixup
commit ab74d543ddac8ccb4cc92ec30e1c76e281c82459
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Oct 28 18:27:01 2013 -0400
testing: fixup basic-pluto-03
- fix ping network ranges used
- same blowfish/jiffies/status output changes fixup
commit 65fc1ca64b9141e0925483e2431fdca53da7f923
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Oct 28 17:45:13 2013 -0400
testing: basic-pluto-03
- actually setup a subnet for north as per description.
- changes to fips, statsbin and klips output (jiffies)
- removal of blowfish
- some per-conn new items show up now - updated layout
commit adb0b71078962e5ec6e8992207661b3f4c3c3b61
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Oct 28 17:33:48 2013 -0400
testing: ipsec look and klips spi sanitizer for jiffies=
commit 7c491bca4c7d04776e413126964663ea63d1fde4
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Oct 28 17:32:56 2013 -0400
testing: basic-pluto-01 update
Some minor changes with fips and statsbin in "config setup" items,
and some KLIPS output changes (jiffies= and disabled nat)
commit 54b11368b4a27380da40a40dba243da20649ca36
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Oct 28 13:44:45 2013 -0400
xauth: Print the "successfully authenticated" on the whack prompt
so "ipsec auto --up" shows this properly.
commit f33a2bb4093cbc8ce85d82590281662463665682
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Sun Oct 27 22:33:28 2013 -0400
fix (unused) line busted during uncrustifying 6fa81707feb186fbff660afc3ddd2e7575dcd9c2
commit 0222ab9fcdb1e444c6ed0da4a6730ce265b90f1d
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Sun Oct 27 20:48:02 2013 -0400
typo in comment
More information about the Swan-commit
mailing list