[Swan-commit] Changes to ref refs/heads/fragmentation

Paul Wouters paul at vault.libreswan.fi
Sat Feb 2 22:45:00 EET 2013


New commits:
commit 829065e85e857f6d87c76e724ab2b8211ffe3b7c
Merge: bcaf1b7 c78e93e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 2 15:44:54 2013 -0500

    Merge branch 'master' into fragmentation

commit c78e93e7d9a2b3f25d5380af59015307cd532b2d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 2 15:44:21 2013 -0500

    * XAUTH: Only try to update resolveconf/restoreconf when XAUTH client

commit 86c1242a6440d751ae1c3d6dd114b0f73ecff4ec
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 2 01:58:03 2013 -0500

    updated changes

commit c015d1a038546a5c32d9a36d16462d490108e254
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 2 01:41:04 2013 -0500

    * XAUTH: modecfgdns* parameter was broken, modecfgwins* removed
    
    The modecfgdns1/modecfgdns2/modecfgwins1/modecfgwins2 were never
    properly working using libipsecconf. They only worked when you used
    whack directly.
    
    Someone (probably me) put these in as KSCF_MODECFG* instead of as
    KSF_MODECFG*, so the parser was looking for left/rightmodecfgdn1 etc.
    
    While fixing these, I removed support for XAUTH WINS, as that died a
    decade ago.
    
    We had defined POLICY_MODECFGDNS1 etc apparently as policy bits that
    would determine if we would send these options, but then they were
    never queried ever, so I removed them. It's quite obvious when you
    need to set these, namely if we are an xauthserver and modecfg_dns1=
    is set.
    
    libipsecconf got compiled without XAUTH because it was not being
    added to the CFLAGS when USE_XAUTH was set. So none of the parsing
    code was reading the code I wrote to read these options.
    (the only reason xauthby= ever worked was because it was _missing_
    an #ifdef XAUTH)
    
    Parsing of the modecfgdns1/modecfgdns2 keywords as kt_ipaddr also
    gave some problems because ipaddr processing was really only done
    for the left/right parts of the connection. The easier fix was to
    change these into kt_string, and when reading the struct starter_conn
    information into a struct whack_message, do the tnatoaddr() conversion.
    If the IP for this option is bogus, we ignore it and continue.
    
    modecfgwins1/modecfgwins2 is now kt_obsolete, and they were removed from
    whack, the xauth sending xauth attributes code and the man pages.
    
    The ipsec auto --status was updated to show the xauth information better:
    
    000 "test": 76.10.157.69<76.10.157.69>[+XS+S=C]...5.6.7.8<5.6.7.8>; unrouted; eroute owner: #0
    000 "test":     oriented; my_ip=unset; their_ip=unset;
    000 "test":     xauth info: my_xauthuser=pwouters; their_xauthuser=[any]; dns1:1.8.8.8, dns2:3.8.8.8;
    000 "test":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
    000 "test":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+IKEv2ALLOW+ModeCFGDNS1+ModeCFGWINS1;
    000 "test":   prio: 32,32; interface: virbr0; metric: 0, mtu: unset;
    000 "test":   dpd: action:clear; delay:0; timeout:0;
    000 "test":   newest ISAKMP SA: #0; newest IPsec SA: #0;
    000

commit 16548119c880df68971f382751d584e3a60f51a9
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 1 22:22:58 2013 -0500

    * libipsecconf: remove another leftover used for manual keying

commit c298aa30aa4bff596210f2f3b5364ae9d012eda9
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 1 11:41:35 2013 -0500

    * updated changes

commit 187cee68e25547102699afbe522eaf081261a017
Author: Matt Rogers <mrogers at redhat.com>
Date:   Fri Feb 1 11:38:59 2013 -0500

    * #53:  ipsec auto --status does not show phase2 parameters
    
    when using (unspecified) defaults
    
    Not specifying phase2alg= leaves c->alg_info_esp NULL so the rest of the
    information was being skipped, when c->alg_info_esp was only needed to
    determine the pfsgroup in whack_log. Relocating the pfsgroup determination
    outside of the whack_log functions will let us see the rest of the info
    even if the pfsgroup is unspecified.
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit b9994a9657f7b847cc66fb1ba6cf2f482c5d0542
Merge: 31645a3 8a2a75d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 1 11:14:09 2013 -0500

    Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit 8a2a75dbaeadc606e0f8c7bd53e193992734db98
Author: Antony Antony <antony at phenome.org>
Date:   Fri Feb 1 10:10:50 2013 +0200

    Revert "*debug: add debug lines in set_cur_state macro"
    
    This reverts commit 3b0d6c99385d8b97efc75e5be52231353fdf0652.

commit 31645a3f77a0d71855e14fa6c51fc6bffd720c85
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Jan 31 22:04:21 2013 -0500

    * fixed typo in log message


