[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Wed Dec 3 22:37:29 EET 2014
New commits:
commit ad1979fda2082d70b7dc3f8b8101c9c82cd40e99
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Dec 3 15:36:41 2014 -0500
testing: Move clearing audit log from swan-transmogrify to swan-prep
commit 95cd919369b0c44c5e4dfcb48a75c788e5fe975b
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Dec 3 15:36:19 2014 -0500
testing: Added netkey-audit-01
commit 3c148ceb5bc3934f97453b050a8413b50342c3fd
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Dec 3 15:14:10 2014 -0500
* AUDIT: log remoteid in hex to protect against abuse
commit 41fe631a57b3f4e6dda7657a7898d00bb69b4b5e
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Dec 3 15:11:48 2014 -0500
IKEv2: change IS_PARENT_SA_ESTABLISHED() usage in success_v2_state_transition()
The macro use was not what the name inplied and then reversed, but in the
end it just wants to check for STATE_PARENT_I2 or STATE_PARENT_R1, so use
that directly.
commit a8c9c2d048ccd7454a305867562c91864faa0124
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Dec 3 14:56:09 2014 -0500
lib/libswan/ttodata.c: minor cleanup for use with TTODATA_MAIN
commit f70705eac542e0756de35f0db0090bc512fac59f
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Dec 3 13:01:07 2014 -0500
comment: add note for ISAKMP_SA_established()
Called by main_inI3_outR3_tail() which is called for initiator and responder
alike! So this function should not be in initiate.c. It is also not called
in IKEv2 code. All it does is set latest serial in connection and check xauth,
so it is ikev1 specific. It is also not called in IKEv1 Aggressive Mode
commit 30cd2bd6691015af2c28ff567eb7562a6dd7fe70
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Dec 3 12:45:33 2014 -0500
pluto: Add Linux audit support for IKE and IPsec SA's
commit 5d6e5cea3d6a0ca08ad68da9164559cbc2fa1dea
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Dec 3 12:40:12 2014 -0500
pluto: Fix ESTABLISHED macro's in pluto_constants.h
The following macros were changed:
IS_IKE_SA_ESTABLISHED()
IS_CHILD_SA_ESTABLISHED()
IS_PARENT_SA_ESTABLISHED()
Note that since IS_PARENT_SA_ESTABLISHED() actually pointed to only some
non-established states, the logic was changed in the caller. Luckilly,
it was only used for printing a log line.
commit e8f0c8f2c458dcdabc603ffe31270b818c907f23
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Dec 3 12:35:57 2014 -0500
IKEv2: add missing STATE_IKESA_DEL and STATE_CHILDSA_DEL to state_name enum
These states were incorrectly printed as STATE_IKEv2_ROOF
commit 44f616b9ad8ded3e5f2887c225648ac9c2ab4177
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Dec 1 18:29:57 2014 -0500
NETKEY: Increase netlink message buffer for larger SElinux labels
commit 8d3cfee2f558942f31f2f56b53aab19b1fdc00cc
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Dec 1 17:41:06 2014 -0500
testing: updated ikev2-algo-09-camellia to only test ESP for now.
commit ce89ea7feed076044110da204456b8ba68a0986a
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Dec 1 17:32:53 2014 -0500
IKEv2: Fix esp=camellia to use the IKEv2 IANA registry number for ESP
Unfortunately, the IETF made a mistake with the registry for camellia,
so the IKEv1 and PF_KEY (ipsec-v3) entry for is 22, but the IKEv2
entry (for IKEv2 algo and ESP algo) is 23.
This patch juggles the numbers used during IKE to be 23, but uses 22
with respect to the kernel esp algo registry entry to confirm support
in the kernel (as per PFKEY/ipsec-v3)
More information about the Swan-commit
mailing list