[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Fri Sep 26 05:24:10 EEST 2014
New commits:
commit 643deccff49b9da91b7efcf94cc51c633b549c1b
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Sep 25 17:50:44 2014 -0400
updated changes
commit d07dae52679b35bf4df10d32df1f76e32a371145
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Sep 25 17:28:55 2014 -0400
* pluto: Fixed reserved ISAKMP flag handling, original initiator handling [Paul]
- Clear ISAKMP reserved flags if we use received header as template for
  outgoing ISAKMP header.
- Rename flags in ietf_constants to show if these are IKEv1 or IKEv2
- Rename flag_bit_names to isakmp_flag_names
- Rename "critical bit" to "flags".
- IMPAIR_SEND_BOGUS_ISAKMP_FLAG option actually set reserved flags in
  individual payloads, not the ISAKMP header itself. So it was renamed to
  IMPAIR_SEND_BOGUS_PAYLOAD_FLAG
- Added actual IMPAIR_SEND_BOGUS_ISAKMP_FLAG feature in IKEv1 and IKEv2
- Added option --impair-send-bogus-payload-flag to pluto
- Renamed various n_hdr / r_hdr to just hdr
- Renamed echo_hdr() to ikev1_echo_hdr() and moved from ipsec_doi.c to ikev1.c
- Removed 10 year old KLUDGE comments
- Renamed build_ike_version() to build_ikev2_version()
  This function supports an IMPAIR to bump version, but does not implement
  setting the ISAKMP_FLAGS_v2_VERSION flag to indicate we could have done a
  higher IKE version.
- ikev2_send_informational(), process_encrypted_informational_ikev2() and
  ikev2_in_create_child_sa_refuse() need to set ISAKMP_FLAGS_v2_IKE_I when
  it is the original initiator.
  send_v2_notification() unconditionally clears ISAKMP_FLAGS_v2_IKE_I
  which seems wrong (e.g. when responder sends a delete)
  All the IKEv2 code near "HDR out" should really be turned into a proper
  function to remove code duplication.
commit 37637f774b3ba84eef43dcd5c14ce5d9648607e6
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Sep 25 17:25:40 2014 -0400
testing: IKEv1 and IKEv2 tests for isakmp-reserved-flags
Tests ensure no ISAKMP reserved flags are copied from the received
header into the response header
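
The following C example is added here and is not libreswan code: it builds a reply header from a received ISAKMP header, clearing reserved flag bits and, for IKEv2, recomputing the Initiator and Response bits from local state rather than echoing them. The function and macro names are hypothetical; the header offsets and flag bit values follow RFC 2408 and RFC 7296.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN     28   /* fixed ISAKMP/IKE header length */
#define OFF_VERSION 17   /* major version in the high nibble */
#define OFF_FLAGS   19

/* Hypothetical names; bit values from RFC 2408 (IKEv1) and RFC 7296 (IKEv2). */
#define V1_DEFINED  0x07u  /* Encryption | Commit | Authentication-only */
#define V2_IKE_I    0x08u  /* sender is the original initiator */
#define V2_VERSION  0x10u
#define V2_MSG_R    0x20u  /* message is a response */

/* Flag bits of a received header that the given major version leaves reserved. */
uint8_t reserved_bits(uint8_t major, uint8_t flags)
{
    uint8_t defined = (major == 1) ? V1_DEFINED
                    : (major == 2) ? (V2_IKE_I | V2_VERSION | V2_MSG_R) : 0;
    return (uint8_t)(flags & ~defined);
}

/* Build a reply header from the received one. Reserved bits are cleared; for
 * IKEv2 the I and R bits come from local state. Returns 0, or -1 on bad input. */
int reply_hdr(const uint8_t *in, size_t in_len, uint8_t out[HDR_LEN],
              int we_are_orig_initiator, int is_response)
{
    uint8_t major = (in != NULL && in_len >= HDR_LEN) ? in[OFF_VERSION] >> 4 : 0;
    if (out == NULL || (major != 1 && major != 2))
        return -1;
    memcpy(out, in, HDR_LEN);
    out[OFF_FLAGS] = (uint8_t)(in[OFF_FLAGS] & ~reserved_bits(major, in[OFF_FLAGS]));
    if (major == 2) {
        out[OFF_FLAGS] &= (uint8_t)~(V2_IKE_I | V2_MSG_R);
        if (we_are_orig_initiator) out[OFF_FLAGS] |= V2_IKE_I;
        if (is_response)           out[OFF_FLAGS] |= V2_MSG_R;
    }
    return 0;
}

int main(void)
{
    uint8_t in[HDR_LEN] = {0}, out[HDR_LEN];  /* constructed sample header */
    in[OFF_VERSION] = 0x20;                   /* IKEv2 */
    in[OFF_FLAGS]   = V2_IKE_I | 0xC0u;       /* request with two reserved bits set */
    if (reply_hdr(in, sizeof in, out, 0, 1) == 0)
        printf("in flags 0x%02x -> reply flags 0x%02x\n", in[OFF_FLAGS], out[OFF_FLAGS]);
    return 0;
}
```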