[Swan-commit] Changes to ref refs/heads/fragmentation
Paul Wouters
paul at vault.libreswan.fi
Sat Feb 2 22:45:00 EET 2013
New commits:
commit 829065e85e857f6d87c76e724ab2b8211ffe3b7c
Merge: bcaf1b7 c78e93e
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Feb 2 15:44:54 2013 -0500
Merge branch 'master' into fragmentation
commit c78e93e7d9a2b3f25d5380af59015307cd532b2d
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Feb 2 15:44:21 2013 -0500
* XAUTH: Only try to update resolveconf/restoreconf when XAUTH client
commit 86c1242a6440d751ae1c3d6dd114b0f73ecff4ec
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Feb 2 01:58:03 2013 -0500
updated changes
commit c015d1a038546a5c32d9a36d16462d490108e254
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Feb 2 01:41:04 2013 -0500
* XAUTH: modecfgdns* parameter was broken, modecfgwins* removed

The modecfgdns1/modecfgdns2/modecfgwins1/modecfgwins2 were never
properly working using libipsecconf. They only worked when you used
whack directly.

Someone (probably me) put these in as KSCF_MODECFG* instead of as
KSF_MODECFG*, so the parser was looking for left/rightmodecfgdn1 etc.

While fixing these, I removed support for XAUTH WINS, as that died a
decade ago.

We had defined POLICY_MODECFGDNS1 etc apparently as policy bits that
would determine if we would send these options, but then they were
never queried ever, so I removed them. It's quite obvious when you
need to set these, namely if we are an xauthserver and modecfg_dns1=
is set.

libipsecconf got compiled without XAUTH because it was not being
added to the CFLAGS when USE_XAUTH was set. So none of the parsing
code was reading the code I wrote to read these options.
(the only reason xauthby= ever worked was because it was _missing_
an #ifdef XAUTH)

Parsing of the modecfgdns1/modecfgdns2 keywords as kt_ipaddr also
gave some problems because ipaddr processing was really only done
for the left/right parts of the connection. The easier fix was to
change these into kt_string, and when reading the struct starter_conn
information into a struct whack_message, do the tnatoaddr() conversion.
If the IP for this option is bogus, we ignore it and continue.

modecfgwins1/modecfgwins2 is now kt_obsolete, and they were removed from
whack, the xauth sending xauth attributes code and the man pages.

The ipsec auto --status was updated to show the xauth information better:

000 "test": 76.10.157.69<76.10.157.69>[+XS+S=C]...5.6.7.8<5.6.7.8>; unrouted; eroute owner: #0
000 "test": oriented; my_ip=unset; their_ip=unset;
000 "test": xauth info: my_xauthuser=pwouters; their_xauthuser=[any]; dns1:1.8.8.8, dns2:3.8.8.8;
000 "test": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "test": policy: RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+IKEv2ALLOW+ModeCFGDNS1+ModeCFGWINS1;
000 "test": prio: 32,32; interface: virbr0; metric: 0, mtu: unset;
000 "test": dpd: action:clear; delay:0; timeout:0;
000 "test": newest ISAKMP SA: #0; newest IPsec SA: #0;
000
commit 16548119c880df68971f382751d584e3a60f51a9
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Feb 1 22:22:58 2013 -0500
* libipsecconf: remove another leftover used for manual keying
commit c298aa30aa4bff596210f2f3b5364ae9d012eda9
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Feb 1 11:41:35 2013 -0500
* updated changes
commit 187cee68e25547102699afbe522eaf081261a017
Author: Matt Rogers <mrogers at redhat.com>
Date: Fri Feb 1 11:38:59 2013 -0500
* #53: ipsec auto --status does not show phase2 parameters
when using (unspecified) defaults
Not specifying phase2alg= leaves c->alg_info_esp NULL so the rest of the
information was being skipped, when c->alg_info_esp was only needed to
determine the pfsgroup in whack_log. Relocating the pfsgroup determination
outside of the whack_log functions will let us see the rest of the info
even if the pfsgroup is unspecified.
Signed-off-by: Paul Wouters <pwouters at redhat.com>
commit b9994a9657f7b847cc66fb1ba6cf2f482c5d0542
Merge: 31645a3 8a2a75d
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Feb 1 11:14:09 2013 -0500
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit 8a2a75dbaeadc606e0f8c7bd53e193992734db98
Author: Antony Antony <antony at phenome.org>
Date: Fri Feb 1 10:10:50 2013 +0200
Revert "*debug: add debug lines in set_cur_state macro"
This reverts commit 3b0d6c99385d8b97efc75e5be52231353fdf0652.
commit 31645a3f77a0d71855e14fa6c51fc6bffd720c85
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Jan 31 22:04:21 2013 -0500
* fixed typo in log message