[Swan-commit] Changes to ref refs/heads/audit
Antony Antony
antony at vault.libreswan.fi
Sun Jan 20 21:10:07 EET 2013
New commits:
commit 3414a2dd6f348c78d14ec95eb689b0ec923b27f1
Author: Antony Antony <antony at phenome.org>
Date: Sun Jan 20 21:09:09 2013 +0200
*audit : add state transition. neeed more testing
commit c982ecea59615d61247637652f4ce25985c87a54
Merge: 31d7cc5 6c98431
Author: Antony Antony <antony at phenome.org>
Date: Sun Jan 20 19:40:30 2013 +0200
Merge branch 'master' into audit
commit 31d7cc5ad9beb8da481bc66ee166a708409d9d78
Merge: 7dd8452 1001e39
Author: Antony Antony <antony at phenome.org>
Date: Sun Jan 20 19:37:53 2013 +0200
Merge branch 'master' into audit
Conflicts:
testing/pluto/ikev2-11-simple-psk/eastinit.sh
testing/pluto/ikev2-11-simple-psk/westinit.sh
commit 6c98431c9e94c141d926d6c85bb7ca701fb5bdc0
Merge: a5668a4 3ed96dc
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Jan 20 12:26:53 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit a5668a45b2778ac9050996db427a739490731227
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Jan 20 12:25:17 2013 -0500
* updated changes
commit cf4343357b22a484c1f441eddebe6bd5d786340f
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Jan 20 12:24:24 2013 -0500
* addconn: If no protostack= is configured, return "netkey" as default
commit 3ed96dcb3030905c4109c7da5042a5e0cc46b3d8
Merge: cb2ffa7 1001e39
Author: Paul Wouters <paul at libreswan.org>
Date: Sat Jan 19 18:40:47 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit cb2ffa7ee4b04f602889f5c0f88770985c3b04ae
Author: Paul Wouters <paul at libreswan.org>
Date: Sat Jan 19 18:36:01 2013 -0500
* pluto: show orientation with ipsec auto --status
When a connection is not oriented, the display of such a connection
in ipsec auto --status is 'undefined'. One side is called "left" without
any real proof. As such, one could not see the difference between a
properly oriented connection, and a unoriented connection that just
happened to look the same. This adds an entry to the output that will
state "oriented" or "unoriented", eg:
000 "redhat": 76.10.157.69[@RH-standard,+MC+XC+S=C]---76.10.157.65...66.187.233.55<vpn-rdu.redhat.com>[MS+XS+S=C]; unrouted; eroute owner: #0
000 "redhat": oriented; myip=unset; hisip=unset;
000 "redhat": xauth info: myxauthuser=pwouters;
000 "redhat": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; sha2_truncbug: yes
000 "redhat": policy: PSK+ENCRYPT+TUNNEL+PFS+DONTREKEY+XAUTH+AGGRESSIVE+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 32,32; interface: virbr0;
000 "redhat": dpd: action:hold; delay:30; timeout:60;
commit 1001e39467063126362df7f869f60e9bf870b618
Merge: 49edd0c de7c4a4
Author: Antony Antony <antony at phenome.org>
Date: Fri Jan 18 16:00:28 2013 +0200
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit 49edd0c0f097881e71369a392855fb8b437d110a
Author: Antony Antony <antony at phenome.org>
Date: Fri Jan 18 15:59:39 2013 +0200
* testing: use stty --echo in runkvm.py
commit de7c4a4ce86f4b730dad94b1fd7d63a63eb04f38
Author: Paul Wouters <paul at libreswan.org>
Date: Thu Jan 17 17:45:59 2013 -0500
* manual: Remove last remnants of manual keying from man pages
commit 3930ef11a43baf3b765c87c19580452bc3e3e32f
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Jan 16 11:26:30 2013 -0500
* updated man page for compress= and regenerated it
commit 8cecd371007e9c5d8c9df5ccd7909e9ff282e576
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Jan 16 11:16:00 2013 -0500
updated changes
commit 7cf80a87d4d7f1e13ce0bff7d855f7707b3ca863
Author: Matt Rogers <mrogers at redhat.com>
Date: Wed Jan 16 11:13:30 2013 -0500
* #8 honour compress=no option
Due to increased security concerns of mixing compression with encryption, in
light of the BEAST like attacks, we no longer always accept ipcomp as we
did before. It needs to be explicitely set using compress=yes
Signed-off-by: Paul Wouters <pwouters at redhat.com>
commit f3a57a1ab4bd66bbb6df0198ee1e750e9b6cb82e
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Jan 15 23:22:16 2013 -0500
* Missed a KLIPS -> KLIPS24 reference in make output
commit a6610e143bfe94aa79258ba59cbdbbc5cff7f09d
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Jan 15 23:21:49 2013 -0500
* updated changes
commit 635ad927c648a2a26c79d4df6eb306e66f29f4cd
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Jan 15 23:17:34 2013 -0500
* XAUTH: Added xauthby=alwaysok option
Setting xauthby to alwaysok causes the XAUTH authentication to always succeed.
This is useful to supoprt clients that require XAUTH, but for which no real
XAUTH usernames/passwords are provisioned. This is valid for some certificate
based deployments of devices.
The static function do_md5_authentication() got renamed to do_file_authentication(),
because it is using the crypt() call, which supports more then just MD5.
The man page has been updated to reflect this, and also adds a note about MD5 not
being available in FIPS mode.
A separate bug has been opened for a feature to set the xauth password file name,
instead of hardcoding it to /etc/ipsec.d/passwd.
commit f0f95e1465ac65a3b97794e3adc0cd806060ff6b
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Jan 15 21:59:45 2013 -0500
* KLIPS: makefile switch some more "26" vs "24" strings
module26.make -> module.make
module.make -> module24.make
There are still some occurances of "26" left (which are misleading because
it is really "2.6 and higher").
While we need packaging/makefiles/module.defs I don't think it is actually used,
because per default we use MODULE_DEF_INCLUDE=[..]/packaging/linus/config-all.h
(perhaps with make kpatch?)
commit 27ff91db99fb969f9418ed5473bc449865dc4abe
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Jan 15 21:57:51 2013 -0500
* enable crytoapi in packaging/makefiles/module.defs
commit 529779a83462a4d52f630bc214de58618d6df4f3
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Jan 14 17:47:18 2013 -0500
updated changes
commit 1565fdc5c9c4963a0a052fac86d961bd38d34c42
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Jan 14 17:46:29 2013 -0500
* pluto: log XAUTHusername in the "established IPsec SA" line
i.e.:
004 "redhat" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x7aacc5fa <0xa46a8a1f xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=none XAUTHuser=pwouters}
commit 5f188f90317d0275e0136527f68b9db40f686126
Merge: 62661d8 fe5a7bf
Author: Antony Antony <antony at phenome.org>
Date: Mon Jan 14 22:06:40 2013 +0000
Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan
commit 62661d8be946f3087f8348d32b7470a21a17ce11
Author: Antony Antony <antony at phenome.org>
Date: Mon Jan 14 22:05:02 2013 +0000
*testing: TERM=dumb expect get less ANSI escape caharacters
commit fe5a7bf9eeeb96aeb2bfe3ca38b1f2dc66902bb5
Author: Paul Wouters <paul at libreswan.org>
Date: Mon Jan 14 15:48:45 2013 -0500
* testing: fix calls to swanprep to swan-prep
commit 051efa54ee0a3543a5308943a35c213ab001ea38
Author: Paul Wouters <paul at libreswan.org>
Date: Mon Jan 14 15:29:26 2013 -0500
* testing: missed swan-update softlink in /usr/bin/
commit b8410d2cb81c1e2ff841c47a08c91aa385a5ddf7
Author: Paul Wouters <paul at libreswan.org>
Date: Mon Jan 14 15:20:37 2013 -0500
* testing: softlink swan-* binaries in /usr/bin/ to avoid PATH issues
also rename all to be consistent with "swan-" prefix.
commit f5868559d64579649586dccda85a49267d0d758c
Author: Paul Wouters <paul at libreswan.org>
Date: Mon Jan 14 15:20:10 2013 -0500
* testing: swan-prep should first copy in baseconfigs then specific test files
commit 83bf302d261300dd7d2b7a0aeb31d41fb3e2eb10
Author: Paul Wouters <paul at libreswan.org>
Date: Mon Jan 14 15:18:52 2013 -0500
* testing: swan-install support for disabled service and selinux
- disable systemd from restarting pluto on crash
- restorecon /usr/local
commit 6b4074e986f36170073f8223fc326a50d8552c07
Author: Paul Wouters <paul at libreswan.org>
Date: Mon Jan 14 15:17:55 2013 -0500
* testing: swan-build deletes modobj* as well as OBJ.*
commit 64eec39b92b0d83dc22ede07b03f300094b92e11
Author: Paul Wouters <paul at libreswan.org>
Date: Mon Jan 14 14:58:11 2013 -0500
* systemd: Added RestartPreventExitStatus= line to ipserv.service file
Added a commented line:
This mimics the old openswan _plutorun script that read
plutorestartoncrash=no and if set, would not restart pluto when its exit
code was 137 (term) or 143 (kill)
This is not the default, because if we crash, we _do_ want to
get restarted.
commit e3a8d972f80124dde4b31ee87331b882f98b693d
Author: Antony Antony <antony at phenome.org>
Date: Mon Jan 14 17:48:29 2013 +0000
*testing: start nic if there nicinit. reboot before init.
commit 2430ea35fe155418d3442b304ca4e1bd86e15644
Author: Paul Wouters <paul at libreswan.org>
Date: Sun Jan 13 14:11:00 2013 -0500
* testing: Added testcases netkey-psk-vhost-0[1..4]
These test cases investigate the behaviour of subnet=vhost:%no,%priv
versus subnet=%vhost:%priv,%no with and without NAT on nic.
They also use a virtual_private=%v4:!192.0.2.0/24,%v4:192.0.0.0/8
which should NOT cause rejection.
commit a11921e1158b1199b3d9ebf3d63d3a94de0eef0e
Merge: ed88209 7376fee
Author: Paul Wouters <paul at libreswan.org>
Date: Sun Jan 13 12:15:10 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit ed8820992b3a8e3be3a46b789ab82b06a9b602a0
Author: Paul Wouters <paul at libreswan.org>
Date: Sun Jan 13 12:14:42 2013 -0500
* testing: added netkey-psk-pluto-06
commit 7376feedbe157f783ae9a9af8241439ffbd7f2a4
Merge: f720c79 7c9d8c5
Author: Antony Antony <antony at phenome.org>
Date: Sun Jan 13 17:37:48 2013 +0100
Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan
commit 7c9d8c5c7eaa47aae821991a1e6b507291283be1
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date: Sun Jan 13 14:36:52 2013 +0100
Adding EOL when an EOF at EOL
commit f720c7923846d926e37aaa61f85e7e71ee4042b3
Author: Antony Antony <antony at phenome.org>
Date: Sun Jan 13 13:56:02 2013 +0100
*testing: road need 192.1.3.254 as nameserver
commit c7b217ffb4d1409a9cbbe1393a9b96b1b3d78b96
Author: Antony Antony <antony at phenome.org>
Date: Sun Jan 13 13:54:48 2013 +0100
*testing: runkvm.py namespace collision.
commit a4eb285b0d2f7f59c36b2f7fac8fc85ebc6ef93c
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date: Sun Jan 13 04:11:11 2013 +0100
find_ifaces() call moved from rcv_whack.c to server.c - Reason : for my roadwarrior test to work
commit a9037fbf620029f1989150985f54ff37454afe2b
Merge: 988551c 3660560
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date: Sun Jan 13 03:21:32 2013 +0100
Merge branch 'master' of vault.libreswan.org:/srv/src/libreswan
Conflicts:
lib/libipsecconf/parser.l
lib/libipsecconf/parser.y
programs/pluto/rcv_whack.c
commit 988551cded876cd20eb2733df82e92424baeaa47
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date: Sun Jan 13 03:14:59 2013 +0100
Fixed up (not found) printf when addconn --verbose
commit 02a0d794787d6a526ca23436ffb644f6b18965f3
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date: Sun Jan 13 03:12:34 2013 +0100
find_ifaces() call moved from rcv_whack.c to server.c - Reason : for my roadwarrior test to work
commit 8ce117a706cfa4b1cfc3884f583fc26fada3df22
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date: Sun Jan 13 03:08:35 2013 +0100
Adding EOL when an EOF at EOL
commit 36605602d4681ec6343128d66d92f834f5338ad9
Author: Antony Antony <antony at phenome.org>
Date: Sat Jan 12 22:27:07 2013 +0000
*testing fix test cases. support running rw tests
commit 5bfd3b7623bf0d70fe3d7c0433a95e9ff161a33b
Author: Antony Antony <antony at phenome.org>
Date: Sat Jan 12 21:56:51 2013 +0100
*testing: improve runkvm.py compile and install options
commit 4b409089bbe9b64bd0fdf4372612d642b83fc447
Author: Paul Wouters <paul at libreswan.org>
Date: Sat Jan 12 14:49:24 2013 -0500
updated changes
commit 06e49a26ff8ef1b03ba0e8fb5a87d9bd1072f539
Author: Paul Wouters <paul at libreswan.org>
Date: Sat Jan 12 14:44:05 2013 -0500
* libipecconf: Improved missing EOL bug in parser.
This fix by Philippe improves the parser, so it no longer requires
read-write access to the file for parsing which was introduced in
the previous fix to avoid a segfault when parsing a file with no EOL
on the last line.
This was testing with pluto, addconn and readwriteconf, including the
relevant tests in itesting/scripts/readwrite*
commit 2bb6aca0e056db0bb5375eb0ff72c80c272c22ed
Merge: 45ac59f 4f1fa2c
Author: Paul Wouters <paul at libreswan.org>
Date: Sat Jan 12 14:37:45 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit 4f1fa2cf06beb9d418e1a17c8417178990c30ebb
Merge: 9e11cd7 f9b1bef
Author: Paul Wouters <paul at libreswan.org>
Date: Sat Jan 12 14:33:19 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit 9e11cd71ab6e16bf2875d1b18fc122c69b93b4da
Author: Paul Wouters <paul at libreswan.org>
Date: Sat Jan 12 14:31:12 2013 -0500
* pluto: move call to find_ifaces()
This implements Philippe's resolution for correct connection loading
at startup with the changed timing as a result of the new addconn
thread that pluto starts to load the connections that used to be
loaded using the _plutoload script started separately.
commit 45ac59f254de1d74eb4ec535af9375d9104d0ad1
Author: Paul Wouters <paul at libreswan.org>
Date: Thu Jan 10 20:53:07 2013 -0500
* testing: testcase readwriteconf-26 has no neol.conf
commit f9b1bef31d65c4c9d02d15aef7b7ff9006e6e85a
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date: Thu Jan 10 22:22:15 2013 +0100
addcon doesn't exit on EOF at EOL
commit 7fb81cf80b14b502181af27eb68547c83bed960d
Merge: e91c6a6 5eb2b6f
Author: Paul Wouters <paul at libreswan.org>
Date: Wed Jan 9 16:16:50 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit e91c6a6f028ca4c80c08f4282d0693699c76bcb2
Author: Paul Wouters <paul at libreswan.org>
Date: Wed Jan 9 16:14:05 2013 -0500
* testing: added iphone 4s racoon config within testing framework
This test is incomplete. But contains the racoon config extracted
from an iphone 4s. It is likely modified for using the apple keychain
to obtain certificates, so we will need to use the stock racoon
method for specifying the certificates.
commit 5eb2b6f06de240104cdf4dee4853f3a7aaa0fc3a
Author: Antony Antony <antony at phenome.org>
Date: Wed Jan 9 17:08:29 2013 +0100
* testing: removed eth3 from swanhosts.
commit 1d9067f16bb65141501435fbfd634cd4a2a1f752
Author: Antony Antony <antony at phenome.org>
Date: Wed Jan 9 16:47:52 2013 +0100
* testing: fixed an roadwarrior test psk-pluto-01
commit fdcf2fec989440a486dc33fe032b6ad0232d8048
Merge: 52aa7df c970c6f
Author: Antony Antony <antony at phenome.org>
Date: Wed Jan 9 14:46:24 2013 +0100
Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan
commit c970c6f0c9438b3267c3faa6e5262fbf51ac3629
Author: Paul Wouters <paul at libreswan.org>
Date: Wed Jan 9 11:42:05 2013 -0500
* bump default IPSECBASEVERSION in git to "3.0"
So git builds show up like: v3.0-66-gf3dd213-master which means
66 commits past version 3.0.
commit ee43c8d31f36865557d099a4c608d5ed5b77d9d9
Author: Paul Wouters <paul at libreswan.org>
Date: Wed Jan 9 11:38:45 2013 -0500
* Addded @BINSH@ variable to Makefile.inc (default /bin/sh)
This is used when building the systemd service file. This addresses
the issue of Fedora 16 not having /usr/bin/sh, which was the value
used in the systemd ipsec service file.
commit e72a77a38b2814fd05d2bd87f77e170cf28893a5
Merge: 41c6459 590ec24
Author: Paul Wouters <paul at libreswan.org>
Date: Wed Jan 9 11:32:52 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit 41c64592b2dd6766fdd2073e71259e00a099ff60
Merge: 18b7f2c d0a13fe
Author: Paul Wouters <paul at libreswan.org>
Date: Wed Jan 9 08:47:57 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit 52aa7df2a43a5c529697a6f896b5d5b8d2bb0ca8
Author: Antony Antony <antony at phenome.org>
Date: Wed Jan 9 14:45:15 2013 +0100
*testing: fix typo, dumplicate mac in swan13
commit 590ec24ddc945e10ac128b1bcfd4c16831fa3181
Author: Antony Antony <antony at phenome.org>
Date: Wed Jan 9 14:14:47 2013 +0100
*testing: add nic vm config for roadwarrior tests
commit d0a13fe3001cc34504f69837913a8e34bd790b5f
Author: Antony Antony <antony at phenome.org>
Date: Wed Jan 9 10:03:27 2013 +0100
* testing: adding compile on east
commit 18b7f2ca7433623c3e4e3e615186fa234c48252d
Author: Paul Wouters <paul at libreswan.org>
Date: Tue Jan 8 19:02:24 2013 -0500
* documentation: better document HAVE_OCF in Makefile.inc
commit f3dd21396c7b3383290bf06454f7dbda7a1c53e7
Merge: 83bdac7 2217bf3
Author: Paul Wouters <paul at libreswan.org>
Date: Tue Jan 8 17:49:31 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit 83bdac7932097526ff5063614787fdb6cb6195f2
Author: Paul Wouters <paul at libreswan.org>
Date: Tue Jan 8 17:48:56 2013 -0500
* testing: add testcase for no EOL on last line
commit 99513b380392ff58b77a982d2035909fba174a39
Merge: ae49483 2e1e0db
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date: Tue Jan 8 22:01:53 2013 +0100
Merge branch 'master' of vault.libreswan.org:/srv/src/libreswan
commit ae494838dfd124cedddd74bf9e6f775606bd5bea
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date: Tue Jan 8 22:01:06 2013 +0100
EOF at EOL condition; even better fix. Could SIGSEGV
commit 5ac8c4b45fd2b54d873668e77d85146f1c4e28d4
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date: Tue Jan 8 21:19:33 2013 +0100
Revert "To be checked by Paul with redhat connection"
This reverts commit 026705c5be4d3ed6958fa51d03ad6f9901bf548f.
commit cec871e3ca536880978c7c4ed1f536e8a1846f86
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date: Tue Jan 8 21:19:00 2013 +0100
Revert "This should fit Paul's redhat connection and match my roadwarrior tests"
This reverts commit dcbbbbc23e678aed68f95bdfbdcc81c4bc81b5d6.
commit 41abe31889f93cb1e29602156cb1c4656e8d37c2
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date: Tue Jan 8 21:18:22 2013 +0100
Revert "To be checked by Paul with redhat connection"
This reverts commit 9368dfa89508985b7c3ad4c9e1f2e263f81d45e6.
commit 30b22084a56c19fbabd036e8d8adc2d0a594671e
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date: Tue Jan 8 21:17:20 2013 +0100
Revert "* addconn: do DNS(SEC) lookup for case KH_IPHOSTNAME"
This reverts commit bfa4b9d76f19e7dd8d3736827f93f86a493eebca.
commit bc187be34fe05faff16b5c7f31588a8bbb664f31
Merge: 947ca83 da4c16f
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date: Tue Jan 8 21:01:21 2013 +0100
Merge branch 'master' of vault.libreswan.org:/srv/src/libreswan
commit 947ca838b3836ea0ef690c9c79d6ed7334b7d5f2
Author: Philippe Vouters <Philippe.Vouters at laposte.net>
Date: Tue Jan 8 21:00:18 2013 +0100
EOF at EOL condition; best fix
commit 31d2694e9283f86ab75509acae7a507dfdb4e99e
Merge: 6e6d76a f3dd213
Author: Antony Antony <antony at phenome.org>
Date: Tue Jan 8 20:53:30 2013 +0100
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit 6e6d76a53a5dc06cd691fc8ad3179c44b1b58599
Author: Antony Antony <antony at phenome.org>
Date: Tue Jan 8 20:52:57 2013 +0100
don't ipsec setup start instead pluto ...
commit 2217bf3513781bf89009ea7038d81e141c81f487
Author: Antony Antony <antony at phenome.org>
Date: Tue Jan 8 20:51:57 2013 +0100
begining to add compile option
commit 2e1e0db6ae7a48dc2992f095e375b77cf79435b7
Merge: 32d9313 bc187be
Author: Antony Antony <antony at phenome.org>
Date: Tue Jan 8 18:47:35 2013 +0100
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit 32d9313cc33ed24c2b5d4cec458ecc26f5b0ca40
Author: Antony Antony <antony at phenome.org>
Date: Tue Jan 8 18:45:31 2013 +0100
python swanprep instead of
source /testing/pluto/bin/eastlocal.sh
commit da4c16f95a38bf20bf6c55c39330b4400e48b9ba
Author: Antony Antony <antony at phenome.org>
Date: Tue Jan 8 16:32:53 2013 +0100
copy host specific ipsec.secrets
commit 905d4b6756d9c050275c429ff03c076ad4dab37c
Author: Paul Wouters <paul at libreswan.org>
Date: Mon Jan 7 15:35:51 2013 -0500
* testing: suppress warning on ipsec setup stop with no ipsec.conf
commit e5d4355651a1ffdabaa807d1f08820bade3120df
Author: Paul Wouters <paul at libreswan.org>
Date: Sun Jan 6 17:12:24 2013 -0500
* testing: enable core dumps for pluto
commit 978eddd32a1a17f052e18cc636eafb384dca0cbb
Author: Paul Wouters <paul at libreswan.org>
Date: Sun Jan 6 16:43:42 2013 -0500
* testing: we need yum update to get the latest nss (on f17)
commit 8a2238c8278b27822058e2e24be697909a59e798
Merge: c5dab95 e082c05
Author: Paul Wouters <paul at libreswan.org>
Date: Sun Jan 6 16:24:43 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit c5dab95adaf99a96299607fc0d1743ba4cb2c96c
Author: Paul Wouters <paul at libreswan.org>
Date: Sun Jan 6 16:24:15 2013 -0500
* testing: ensure pluto does not get restarted by systemd on crash
commit e082c05539e86485cfdbba97704b78bfe4215927
Merge: 75aa6e8 597cb26
Author: Antony Antony <antony at phenome.org>
Date: Sun Jan 6 19:16:55 2013 +0100
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit 75aa6e8acbb7ff2c74af1b0cd528604262fb35b7
Author: Antony Antony <antony at phenome.org>
Date: Sun Jan 6 19:16:15 2013 +0100
add strace to fedorabase.ks
commit 597cb26a3165e6ad15d15a341f51ae4a4775137a
Author: Paul Wouters <paul at libreswan.org>
Date: Sun Jan 6 12:31:40 2013 -0500
* ipsec status worked but also said "unknown command" due to missing exit 0
commit ff5c9c22ab8fcb069f10f95d0b86d71aaaa3810d
Author: Paul Wouters <paul at libreswan.org>
Date: Sun Jan 6 12:28:26 2013 -0500
* ipsec setup restart on systemd calls stop+start, not restart
because systemd refuses to run the start part of restart when the
system is already stopped.
commit 1d2635cb14d719515a306e1049b0b72b959b5580
Author: Antony Antony <antony at phenome.org>
Date: Sun Jan 6 17:06:10 2013 +0100
fix the test. weired thing east also need up for PSK to work
commit 3d7a29f6500ad19affd0c2e0691da5bc06c93ccb
Author: Antony Antony <antony at phenome.org>
Date: Sun Jan 6 16:40:34 2013 +0100
link /tmp/pluto.log /testing/pluto/<test>/OUTPUT/pluto.<host>.log
commit 72d254d580c83e73d294b18a48204486aab8c8ed
Author: Antony Antony <antony at phenome.org>
Date: Sun Jan 6 15:44:45 2013 +0100
a basic ikv1 psk test without including all/etc/ipsec.d/ipsec.conf.common
commit 987b8c863eec4f9d4497e14b1efea593b594ec64
Author: Antony Antony <antony at phenome.org>
Date: Sun Jan 6 15:42:56 2013 +0100
copy general ipsec.secrets not specific one exist in the test dir
commit 76594a6d4e5cecdc8f608188143ef076221c7c6c
Merge: d079adc b8a6115
Author: Antony Antony <antony at phenome.org>
Date: Sun Jan 6 11:52:23 2013 +0100
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit d079adc7e6cf5831deb6a35a1f9c2ac61f0adfaa
Author: Antony Antony <antony at phenome.org>
Date: Sun Jan 6 11:49:16 2013 +0100
added test case ikev2-11-simple-psk without any includes.
commit d2e9dfaf4fa1245bc1ce3a291c6e1eec23b5064b
Merge: 5dde459 b8a6115
Author: Paul Wouters <paul at libreswan.org>
Date: Sat Jan 5 19:32:33 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit 5dde459768c3c803e465c5cc93f5a0a9595298d7
Author: Paul Wouters <paul at libreswan.org>
Date: Sat Jan 5 19:17:56 2013 -0500
* updated changes
commit b3251e764c31f670cc40cca1cf65f3d47148ae01
Author: Paul Wouters <paul at libreswan.org>
Date: Sat Jan 5 19:09:06 2013 -0500
* SAref patches for Ubuntu kernel 3.2.0-33.52 [Simon]
commit b8a611540148b5d3c8a589ff8ef4a2ca9af61d1c
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Jan 5 03:02:42 2013 -0500
* remove log_with_timestamp_desired and add comment about _desired vars
We don't need the two-step setting from log_with_timestamp_desired to
log_with_timestamp, as there is no risk of using this before the
logging system is ready. As the comment explained:
* We read the intentions for how to log from command line options
* and the config file. Then we prepare to be able to log, but until
* then log to stderr (better then nothing). Once we are ready to
* actually do loggin according to the methods desired, we set the
* variables for those methods
commit 0b04fc41f88a1c98f1f771d2252ab052db707d1b
Author: Paul Wouters <paul at libreswan.org>
Date: Sat Jan 5 02:29:43 2013 -0500
* remove pluto loglog() function from showhostkey.c
Still needs some stubs due to other issues in lswlog.c but no
longer needs lswlog.h
commit a072b9fbaae120fa89db3cb2792104a12741f5b3
Author: Paul Wouters <paul at libreswan.org>
Date: Sat Jan 5 02:17:29 2013 -0500
* spi: cur_debugging has no place outside pluto/whack
commit 6077002d4c12290629216f4d1f7a66a1485241b4
Author: Paul Wouters <paul at libreswan.org>
Date: Sat Jan 5 02:12:17 2013 -0500
* plutoalg.c leakage of libreswan_loglog()
pluto uses loglog() while the rest uses libreswan_loglog()
loglog() needs programs/pluto/log.h but libreswan_loglog() needs
include/lswlog.h. Someone mistakenly did the reverse in plutoalg.c
and fixed it by including the wrong include file.
(note the logging drama goes much deeper, but the diffs I have to fix
that are not yet ready to push)
commit a5a4de54650ba38a076acd79e846513589bbc665
Merge: d3ebcb1 8c11315
Author: Paul Wouters <paul at libreswan.org>
Date: Sat Jan 5 02:08:40 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit d3ebcb111dbc6f86b82440e1330f04419857b07a
Author: Paul Wouters <paul at libreswan.org>
Date: Sat Jan 5 02:07:23 2013 -0500
* pluto: was not logging all messages to file since libreswan 3.0
plutostderrlog= was not fully ported in, and not all logging
functions inside programs/pluto/log.c supported log_to_file.
commit 9e4a140daf7d43e43c76a297e130b88b9c5237b9
Author: Paul Wouters <paul at libreswan.org>
Date: Sat Jan 5 01:43:10 2013 -0500
* logging: vendorid leaked some info which should be under DEBUG only
commit 8c113159e19bfcc508ca1c5b281535313001159d
Author: Paul Wouters <paul at libreswan.org>
Date: Fri Jan 4 11:36:57 2013 -0500
* Ensure the debian/ directory gets updated version numbers too
commit 491d38d625d2af9fb0d2a51329242d4c30f1d783
Author: Antony Antony <antony at phenome.org>
Date: Fri Jan 4 14:05:32 2013 +0100
added nss and unbound dependencies
commit 3a49276fb7d9d8edf8b1a2ca0d3752a256041851
Author: Paul Wouters <paul at libreswan.org>
Date: Thu Jan 3 14:05:06 2013 -0500
* update changes
commit dbf0e5be02ed7a214894c00275e867a1ca5fec03
Merge: 3bccac8 b0673a0
Author: Paul Wouters <paul at libreswan.org>
Date: Thu Jan 3 14:02:43 2013 -0500
Merge branch 'sa-stats'
commit 3bccac842565ae2e17915c629a356af2180ea23e
Author: Paul Wouters <paul at libreswan.org>
Date: Thu Jan 3 13:43:30 2013 -0500
* increase number of ike_info/esp_info entries
The alg_info_ike struct needed a bigger number in some cases
when 1DES was enabled (requires explicit recompile) causing a
crash. Bumped alg_info_esp while at it just to be safe.
commit 319bbfa0218e7151099555b64e2fa6f299b26775
Author: Paul Wouters <paul at libreswan.org>
Date: Wed Jan 2 01:32:01 2013 -0500
updated changes with release date
commit 35f5d410ef858429f5ad8adaa840ce134af14641
Author: Paul Wouters <paul at libreswan.org>
Date: Wed Jan 2 00:54:41 2013 -0500
* export IPSEC_CONF from the ipsec command
commit c00211359b44bf51a436a7189624843a7d14d4f1
Author: Paul Wouters <paul at libreswan.org>
Date: Wed Jan 2 00:05:37 2013 -0500
* install: sysvinit changes for non-default install
commit e9be5ea898425cfbd7f0bc3c76c1697c277789c0
Author: Paul Wouters <paul at libreswan.org>
Date: Tue Jan 1 23:43:21 2013 -0500
* setup: also calls addconn and needs --config for non-standard install
commit 5b07bf26b4dd79cb5f3e2d2f761b96766ba5767b
Author: Paul Wouters <paul at libreswan.org>
Date: Tue Jan 1 23:37:16 2013 -0500
* second call to addconn was missing --config for non-default install location
commit 27f9f668edfda3285e5e1377e15b0d65027f371d
Author: Paul Wouters <paul at libreswan.org>
Date: Tue Jan 1 23:09:48 2013 -0500
* install: fix non-standard ipsec.conf installation issues.
addconn needs to get passed the --config option, via the ipsec
command. The same for _stackmanager which needs the location to
find the stack type. And the same for the systemd service file
commit 85964c8e47376baee57b4fa65af6e1efaeca8b9b
Author: Paul Wouters <paul at libreswan.org>
Date: Tue Jan 1 21:48:29 2013 -0500
* packaging: minor cleanup of spec files. Fixups new stable URLs
commit 0077791721cb81106e71f19c3d713a5845f4a6df
Author: Paul Wouters <paul at libreswan.org>
Date: Tue Jan 1 20:09:02 2013 -0500
updated credits
commit f5de082b7cfaff96655983f1d3517bca40c5d621
Merge: a691bb0 e6b466a
Author: Paul Wouters <paul at libreswan.org>
Date: Tue Jan 1 19:53:29 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit a691bb00933d47b82a730dc327da727f102af725
Author: root <paul at libreswan.org>
Date: Tue Jan 1 19:52:09 2013 -0500
* add note on AUDIT in changes
commit bfa4b9d76f19e7dd8d3736827f93f86a493eebca
Author: root <paul at libreswan.org>
Date: Tue Jan 1 19:50:18 2013 -0500
* addconn: do DNS(SEC) lookup for case KH_IPHOSTNAME
commit e6b466a5ab01398245600b571dec1434648d7d87
Author: Paul Wouters <paul at libreswan.org>
Date: Tue Jan 1 16:29:24 2013 -0500
* update example sysctl.conf with some ipv6 settings
commit 71ce7ed8f6496560653a835508ba91e048cd429a
Author: Paul Wouters <paul at libreswan.org>
Date: Sun Dec 30 12:55:40 2012 -0500
* disable USE_LINUX_AUDIT in main branch
commit b0673a022e3c4295ba12989f211d36c22b26065d
Merge: fa036c8 524be4e
Author: Paul Wouters <paul at libreswan.org>
Date: Tue Dec 25 15:23:08 2012 -0500
Merge branch 'master' into sa-stats
commit fa036c88e3f807a3101509dc220c8682bf211041
Author: Wes Hardaker <opensource at hardakers.net>
Date: Sat Dec 22 10:44:13 2012 -0800
print ah and ipcomp data too
commit 786aee35df273dd3e0903c172dcd7d390c4a7424
Author: Wes Hardaker <opensource at hardakers.net>
Date: Sat Dec 22 09:43:23 2012 -0800
log ah and ipcomp data too
commit ed1ca2c23ba0f296f535dc732f92e5122c2000eb
Author: Wes Hardaker <opensource at hardakers.net>
Date: Sat Dec 22 09:31:50 2012 -0800
only log down info on ESP usage
commit 292123162b1db9e7d31f507a5e8bc5105034d585
Author: Wes Hardaker <opensource at hardakers.net>
Date: Sat Dec 22 09:26:22 2012 -0800
humanize the down output traffic information too
commit e2fff38821a2ba81e8cffe3ff38d13556870ec37
Author: Wes Hardaker <opensource at hardakers.net>
Date: Sat Dec 22 09:19:28 2012 -0800
print humanized numbers for in/out traffic on auto --status
commit 68aaf930e51f9cf075ce2c07bf53d112d95a5b1a
Author: Wes Hardaker <opensource at hardakers.net>
Date: Sat Dec 22 09:04:39 2012 -0800
Print in/out/max bytes properly
commit 3392d69dc0eb6851286dc48c3d04e65db6d02216
Author: Wes Hardaker <opensource at hardakers.net>
Date: Sat Dec 22 08:50:41 2012 -0800
log traffic information in a better way
commit f3c27c57095adfcbaaa6a45556637c69e13ddc3c
Author: Wes Hardaker <opensource at hardakers.net>
Date: Thu Dec 20 09:01:34 2012 -0800
initial stab at printing statistics
More information about the Swan-commit
mailing list