[Swan-commit] Changes to ref refs/heads/fragmentation
Paul Wouters
paul at vault.libreswan.fi
Tue Jan 22 05:59:08 EET 2013
New commits:
commit 326d7fa345c73eae94041c2db634290688153ffe
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Jan 21 22:54:06 2013 -0500
* pluto: Add support for ike_frag=yes|no|force keyword
This adds the option to the parser, along with two policy flags
POLICY_IKE_FRAG_ALLOW and POLICY_IKE_FRAG_FORCE
We send the fragmentation vendorid except when ike_frag=no
Processing of fragments and sending of fragments are not yet
implemented with this commit.
VID_MISC_FRAGMENTATION renamed to VID_IKE_FRAGMENTATION
commit 4e78b421379a9c34f78a015b328395230c199374
Merge: de2f1f5 a38479b
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Jan 21 22:18:01 2013 -0500
Merge branch 'master' into fragmentation
commit a38479b931dcf4b000a3ba7fe0ead353c9978e17
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Jan 21 22:10:32 2013 -0500
* libipsecconf: policy misuse due to type change from int to lset_t
Some code is still using policy as if it was an int, but it is an lset_t.
This would cause problems for every policy bit > 31, which up to now was
only the SAref tracking policy bits:

    POLICY_SAREF_TRACK = LELEM(32), /* Saref tracking via _updown */
    POLICY_SAREF_TRACK_CONNTRACK = LELEM(33), /* use conntrack optimization */

But I will be adding the IKE fragmentation policy flags, so this
became an issue in confwrite.c.
The assumption that c->policy is of type int is probably all over the
code and needs a thorough review.
commit 777f76e74487c7446290fbdaab7387e4397a54eb
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Jan 21 22:04:23 2013 -0500
* whack: C is not python - cannot do switch() over non-int
commit 6593c9c9a68ececaf7d1ebda1a8163e1c7ac0576
Merge: c330b64 22da35c
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Jan 21 21:55:35 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit 22da35cb1df8b2c6b49af881fa7251a89d054fa5
Author: Paul Wouters <paul at libreswan.org>
Date: Mon Jan 21 20:56:08 2013 -0500
* XAUTH: expose xauthby=alwaysok to "ipsec whack"
ipsec whack [...] --xauthby XXX did not yet support "alwaysok"
commit c330b64f19235d511d65f8f9703ce62174dfd9d3
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Jan 21 18:16:13 2013 -0500
* clarify a break statement with a comment
commit de2f1f5dc3d6ef9dccb3fdffad976a115b9b9f0d
Merge: 7c3ba62 32dc901
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Jan 21 17:14:43 2013 -0500
Merge branch 'master' into fragmentation
commit 32dc9011475009f7731f1ba405e91f7554a08ed5
Author: Paul Wouters <paul at libreswan.org>
Date: Mon Jan 21 14:49:42 2013 -0500
* man page: added note on systemd to plutorestartoncrash=
commit 83e5a088d5437b971fd4293151cb326b89894177
Author: Paul Wouters <paul at libreswan.org>
Date: Mon Jan 21 14:33:09 2013 -0500
* pluto: Do not attempt to open a logfile if none is configured
commit 953da179c961aa1e77c7439affaba1a5b24337bd
Merge: 608d435 18eb872
Author: Paul Wouters <paul at libreswan.org>
Date: Mon Jan 21 14:12:40 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit 608d435ce5f39403d7f0182b7f0310a2d77dc3b1
Author: Paul Wouters <paul at libreswan.org>
Date: Mon Jan 21 14:11:26 2013 -0500
* testing: net.ipv4.conf.eth0.rp_filter was missing from sysctl.conf
We disabled rp_filter in testing/baseconfigs/all/sysctl.conf for
all but eth0.
commit 18eb872e6d64256d3a4b5002912529195ce063a8
Author: Antony Antony <antony at phenome.org>
Date: Mon Jan 21 02:44:53 2013 +0200
*testing: cleanup basic-pluto-01 to run final.sh
commit fe757536dfffd05cf69f95a0c4363ba47671080b
Author: Antony Antony <antony at phenome.org>
Date: Mon Jan 21 02:43:32 2013 +0200
*testing: run final.sh
commit 0f36fe2f89faca0c3b65c35dc842206e4fa85f2c
Author: Antony Antony <antony at phenome.org>
Date: Mon Jan 21 01:03:29 2013 +0200
*testing: paul's changes ping sanitizer
commit 4f5186a00e8bb5780ea5b478de44896002f93529
Author: Antony Antony <antony at phenome.org>
Date: Mon Jan 21 01:01:42 2013 +0200
*testing: don't send empty lines from *init and *run
commit 6c98431c9e94c141d926d6c85bb7ca701fb5bdc0
Merge: a5668a4 3ed96dc
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Jan 20 12:26:53 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit a5668a45b2778ac9050996db427a739490731227
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Jan 20 12:25:17 2013 -0500
* updated changes
commit cf4343357b22a484c1f441eddebe6bd5d786340f
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Jan 20 12:24:24 2013 -0500
* addconn: If no protostack= is configured, return "netkey" as default
commit 3ed96dcb3030905c4109c7da5042a5e0cc46b3d8
Merge: cb2ffa7 1001e39
Author: Paul Wouters <paul at libreswan.org>
Date: Sat Jan 19 18:40:47 2013 -0500
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit cb2ffa7ee4b04f602889f5c0f88770985c3b04ae
Author: Paul Wouters <paul at libreswan.org>
Date: Sat Jan 19 18:36:01 2013 -0500
* pluto: show orientation with ipsec auto --status
When a connection is not oriented, the display of such a connection
in ipsec auto --status is 'undefined'. One side is called "left" without
any real proof. As such, one could not see the difference between a
properly oriented connection, and an unoriented connection that just
happened to look the same. This adds an entry to the output that will
state "oriented" or "unoriented", e.g.:
000 "redhat": 76.10.157.69[@RH-standard,+MC+XC+S=C]---76.10.157.65...66.187.233.55<vpn-rdu.redhat.com>[MS+XS+S=C]; unrouted; eroute owner: #0
000 "redhat": oriented; myip=unset; hisip=unset;
000 "redhat": xauth info: myxauthuser=pwouters;
000 "redhat": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; sha2_truncbug: yes
000 "redhat": policy: PSK+ENCRYPT+TUNNEL+PFS+DONTREKEY+XAUTH+AGGRESSIVE+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 32,32; interface: virbr0;
000 "redhat": dpd: action:hold; delay:30; timeout:60;
commit 1001e39467063126362df7f869f60e9bf870b618
Merge: 49edd0c de7c4a4
Author: Antony Antony <antony at phenome.org>
Date: Fri Jan 18 16:00:28 2013 +0200
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit 49edd0c0f097881e71369a392855fb8b437d110a
Author: Antony Antony <antony at phenome.org>
Date: Fri Jan 18 15:59:39 2013 +0200
* testing: use stty --echo in runkvm.py
commit de7c4a4ce86f4b730dad94b1fd7d63a63eb04f38
Author: Paul Wouters <paul at libreswan.org>
Date: Thu Jan 17 17:45:59 2013 -0500
* manual: Remove last remnants of manual keying from man pages
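
Added example (not part of the commit mail or of libreswan's code): the int-versus-lset_t problem described in commit a38479b above, showing how a policy bit above 31 disappears when the set passes through a 32-bit variable. The lset_t typedef and LELEM macro are simplified stand-ins, DEMO_POLICY_LOW is a hypothetical flag, and int is assumed to be 32 bits wide.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions): a 64-bit flag set and its element macro. */
typedef uint64_t lset_t;
#define LELEM(opt) ((lset_t)1 << (opt))

#define DEMO_POLICY_LOW              LELEM(3)   /* hypothetical flag below bit 32 */
#define POLICY_SAREF_TRACK           LELEM(32)  /* value quoted in the commit message */
#define POLICY_SAREF_TRACK_CONNTRACK LELEM(33)  /* value quoted in the commit message */

/* Correct test: the full 64-bit set is examined. */
static int has_flag(lset_t policy, lset_t flag)
{
    return (policy & flag) != 0;
}

/* Buggy pattern: the policy passes through a 32-bit variable first.
 * uint32_t models a 32-bit int without signed-conversion side effects. */
static int has_flag_via_int(lset_t policy, lset_t flag)
{
    uint32_t narrowed = (uint32_t)policy;   /* bits 32..63 are discarded here */
    return (narrowed & flag) != 0;
}

/* Flags that int-typed code would silently drop from a policy. */
static lset_t lost_bits(lset_t policy)
{
    return policy & ~(lset_t)UINT32_MAX;
}

int main(void)
{
    lset_t policy = DEMO_POLICY_LOW | POLICY_SAREF_TRACK | POLICY_SAREF_TRACK_CONNTRACK;

    printf("lset_t sees SAREF_TRACK: %d\n", has_flag(policy, POLICY_SAREF_TRACK));
    printf("int    sees SAREF_TRACK: %d\n", has_flag_via_int(policy, POLICY_SAREF_TRACK));
    printf("int    sees low flag:    %d\n", has_flag_via_int(policy, DEMO_POLICY_LOW));
    printf("dropped bits: 0x%llx\n", (unsigned long long)lost_bits(policy));
    return 0;
}
```

Flags below bit 32 keep working after the narrowing, which is why this kind of bug stays hidden until a new high flag is added. Building with -Wconversion in GCC or Clang reports implicit lset_t-to-int assignments and is one way to find the remaining call sites.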