[Swan-commit] Changes to ref refs/heads/fragmentation

Paul Wouters paul at vault.libreswan.fi
Tue Jan 22 05:59:08 EET 2013


New commits:
commit 326d7fa345c73eae94041c2db634290688153ffe
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 21 22:54:06 2013 -0500

    * pluto: Add support for ike_frag=yes|no|force keyword
    
    This adds the option to the parser, along with two policy flags
    POLICY_IKE_FRAG_ALLOW and POLICY_IKE_FRAG_FORCE
    
    We send the fragmentation vendorid except when ike_frag=no
    
    Processing of fragments and sending of fragments are not yet
    implemented with this commit.
    
    VID_MISC_FRAGMENTATION renamed to VID_IKE_FRAGMENTATION

commit 4e78b421379a9c34f78a015b328395230c199374
Merge: de2f1f5 a38479b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 21 22:18:01 2013 -0500

    Merge branch 'master' into fragmentation

commit a38479b931dcf4b000a3ba7fe0ead353c9978e17
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 21 22:10:32 2013 -0500

    * libipsecconf: policy misuse due to type change from int to lset_t
    
    Some code is still using policy as if it was an int, but it is an lset_t.
    This would cause problems for every policy bit > 31, which up to now was
    only the SAref tracking policy bits:
    
      POLICY_SAREF_TRACK    = LELEM(32), /* Saref tracking via _updown */
      POLICY_SAREF_TRACK_CONNTRACK    = LELEM(33), /* use conntrack optimization */
    
    But I will be adding the IKE fragmentation policy flags, so this
    became an issue in confwrite.c.
    
    The assumption that c->policy is of type int is probably all over the
    code and needs a thorough review.

commit 777f76e74487c7446290fbdaab7387e4397a54eb
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 21 22:04:23 2013 -0500

    * whack: C is not python - cannot do switch() over non-int

commit 6593c9c9a68ececaf7d1ebda1a8163e1c7ac0576
Merge: c330b64 22da35c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 21 21:55:35 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 22da35cb1df8b2c6b49af881fa7251a89d054fa5
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jan 21 20:56:08 2013 -0500

    * XAUTH: expose xauthby=alwaysok to "ipsec whack"
    
    ipsec whack  [...] --xauthby XXX did not yet support "alwaysok"

commit c330b64f19235d511d65f8f9703ce62174dfd9d3
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 21 18:16:13 2013 -0500

    * clarify a break statement with a comment

commit de2f1f5dc3d6ef9dccb3fdffad976a115b9b9f0d
Merge: 7c3ba62 32dc901
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 21 17:14:43 2013 -0500

    Merge branch 'master' into fragmentation

commit 32dc9011475009f7731f1ba405e91f7554a08ed5
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jan 21 14:49:42 2013 -0500

    * man page: added note on systemd to plutorestartoncrash=

commit 83e5a088d5437b971fd4293151cb326b89894177
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jan 21 14:33:09 2013 -0500

    * pluto: Do not attempt to open a logfile if none is configured

commit 953da179c961aa1e77c7439affaba1a5b24337bd
Merge: 608d435 18eb872
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jan 21 14:12:40 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 608d435ce5f39403d7f0182b7f0310a2d77dc3b1
Author: Paul Wouters <paul at libreswan.org>
Date:   Mon Jan 21 14:11:26 2013 -0500

    * testing: net.ipv4.conf.eth0.rp_filter was missing from sysctl.conf
    
    We disabled rp_filter in testing/baseconfigs/all/sysctl.conf for
    all but eth0.

commit 18eb872e6d64256d3a4b5002912529195ce063a8
Author: Antony Antony <antony at phenome.org>
Date:   Mon Jan 21 02:44:53 2013 +0200

    *testing: cleanup basic-pluto-01 to run final.sh

commit fe757536dfffd05cf69f95a0c4363ba47671080b
Author: Antony Antony <antony at phenome.org>
Date:   Mon Jan 21 02:43:32 2013 +0200

    *testing: run final.sh

commit 0f36fe2f89faca0c3b65c35dc842206e4fa85f2c
Author: Antony Antony <antony at phenome.org>
Date:   Mon Jan 21 01:03:29 2013 +0200

    *testing: paul's changes ping sanitizer

commit 4f5186a00e8bb5780ea5b478de44896002f93529
Author: Antony Antony <antony at phenome.org>
Date:   Mon Jan 21 01:01:42 2013 +0200

    *testing: don't send empty lines from *init and *run

commit 6c98431c9e94c141d926d6c85bb7ca701fb5bdc0
Merge: a5668a4 3ed96dc
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 20 12:26:53 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit a5668a45b2778ac9050996db427a739490731227
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 20 12:25:17 2013 -0500

    * updated changes

commit cf4343357b22a484c1f441eddebe6bd5d786340f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 20 12:24:24 2013 -0500

    * addconn: If no protostack= is configured, return "netkey" as default

commit 3ed96dcb3030905c4109c7da5042a5e0cc46b3d8
Merge: cb2ffa7 1001e39
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 19 18:40:47 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit cb2ffa7ee4b04f602889f5c0f88770985c3b04ae
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 19 18:36:01 2013 -0500

    * pluto: show orientation with ipsec auto --status
    
    When a connection is not oriented, the display of such a connection
    in ipsec auto --status is 'undefined'. One side is called "left" without
    any real proof. As such, one could not see the difference between a
    properly oriented connection, and an unoriented connection that just
    happened to look the same. This adds an entry to the output that will
    state "oriented" or "unoriented", eg:
    
    000 "redhat": 76.10.157.69[@RH-standard,+MC+XC+S=C]---76.10.157.65...66.187.233.55<vpn-rdu.redhat.com>[MS+XS+S=C]; unrouted; eroute owner: #0
    000 "redhat":     oriented; myip=unset; hisip=unset;
    000 "redhat":     xauth info: myxauthuser=pwouters;
    000 "redhat":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; sha2_truncbug: yes
    000 "redhat":   policy: PSK+ENCRYPT+TUNNEL+PFS+DONTREKEY+XAUTH+AGGRESSIVE+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 32,32; interface: virbr0;
    000 "redhat":   dpd: action:hold; delay:30; timeout:60;

commit 1001e39467063126362df7f869f60e9bf870b618
Merge: 49edd0c de7c4a4
Author: Antony Antony <antony at phenome.org>
Date:   Fri Jan 18 16:00:28 2013 +0200

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 49edd0c0f097881e71369a392855fb8b437d110a
Author: Antony Antony <antony at phenome.org>
Date:   Fri Jan 18 15:59:39 2013 +0200

    * testing:  use stty --echo in runkvm.py

commit de7c4a4ce86f4b730dad94b1fd7d63a63eb04f38
Author: Paul Wouters <paul at libreswan.org>
Date:   Thu Jan 17 17:45:59 2013 -0500

    * manual: Remove last remnants of manual keying from man pages
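
Added example, not part of this mail or of libreswan's code: what commit a38479b describes, a 64-bit flag set losing every bit above 31 once it passes through an int. The lset_t and LELEM definitions are assumptions modelled on the names in the commit message, and the two low flags are hypothetical. It also covers the bit-31 case, where widening the int again sign-extends and switches on flags that were never set.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t lset_t;                  /* assumption: 64-bit flag set */
#define LELEM(opt) ((lset_t)1 << (opt))   /* assumption: one bit per element */

/* Bits 32 and 33 are quoted in the commit message; the rest is constructed. */
#define POLICY_LOW_EXAMPLE           LELEM(1)   /* hypothetical low flag */
#define POLICY_BIT31_EXAMPLE         LELEM(31)  /* hypothetical flag at bit 31 */
#define POLICY_SAREF_TRACK           LELEM(32)
#define POLICY_SAREF_TRACK_CONNTRACK LELEM(33)

/* Correct test: the whole 64-bit set takes part in the mask. */
static int lset_has(lset_t policy, lset_t flag)
{
    return (policy & flag) != 0;
}

/* Models the defect: the policy is stored in an int and widened again later.
 * Narrowing an out-of-range value to int is implementation-defined; gcc and
 * clang keep the low 32 bits, and widening then sign-extends bit 31. */
static lset_t through_int(lset_t policy)
{
    int as_int = (int)policy;
    return (lset_t)as_int;
}

int main(void)
{
    lset_t p = POLICY_LOW_EXAMPLE | POLICY_SAREF_TRACK;
    lset_t q = POLICY_BIT31_EXAMPLE;

    printf("p            = 0x%016" PRIx64 "\n", p);
    printf("p via int    = 0x%016" PRIx64 "\n", through_int(p));
    printf("q            = 0x%016" PRIx64 "\n", q);
    printf("q via int    = 0x%016" PRIx64 "\n", through_int(q));
    printf("SAREF_TRACK kept: %d, after int: %d\n",
           lset_has(p, POLICY_SAREF_TRACK),
           lset_has(through_int(p), POLICY_SAREF_TRACK));
    printf("CONNTRACK never set, after int on q: %d\n",
           lset_has(through_int(q), POLICY_SAREF_TRACK_CONNTRACK));
    return 0;
}
```

Building with -Wconversion makes the compiler flag implicit narrowings of this kind, which helps with the review the commit message calls for.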


