[Swan-commit] Changes to ref refs/heads/master

Paul Wouters paul at vault.libreswan.fi
Fri Sep 26 05:24:10 EEST 2014


New commits:
commit 643deccff49b9da91b7efcf94cc51c633b549c1b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Sep 25 17:50:44 2014 -0400

    updated changes

commit d07dae52679b35bf4df10d32df1f76e32a371145
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Sep 25 17:28:55 2014 -0400

    * pluto: Fixed reserved ISAKMP flag handling, original initiator handling [Paul]
    
    - Clear ISAKMP reserved flags if we use received header as template for
      outgoing ISAKMP header.
    - Rename flags in ietf_constants to show if these are IKEv1 or IKEv2
    - Rename flag_bit_names to isakmp_flag_names
    - Rename "critical bit" to "flags".
    - IMPAIR_SEND_BOGUS_ISAKMP_FLAG option actually set reserved flags in
      individual payloads, not the ISAKMP header itself. So it was renamed to
      IMPAIR_SEND_BOGUS_PAYLOAD_FLAG
    - Added actual IMPAIR_SEND_BOGUS_ISAKMP_FLAG feature in IKEv1 and IKEv2
    - Added option --impair-send-bogus-payload-flag to pluto
    - Renamed various n_hdr / r_hdr to just hdr
    - Renamed echo_hdr() to ikev1_echo_hdr() and move from ipsec_doi.c to ikev1.c
    - Removed 10 year old KLUDGE comments
    - Renamed build_ike_version() to build_ikev2_version()
      This function supports an IMPAIR to bump version, but does not implement
      setting the ISAKMP_FLAGS_v2_VERSION flag to indicate we could have done a
      higher IKE version.
    - ikev2_send_informational(), process_encrypted_informational_ikev2() and
      ikev2_in_create_child_sa_refuse() need to set ISAKMP_FLAGS_v2_IKE_I when
      it is the original initiator.
    
    send_v2_notification() unconditionally clears ISAKMP_FLAGS_v2_IKE_I
    which seems wrong (eg when responder sends a delete)
    
    All the IKEv2 code near "HDR out" should really be turned into a proper
    function to remove code duplication.

commit 37637f774b3ba84eef43dcd5c14ce5d9648607e6
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Sep 25 17:25:40 2014 -0400

    testing: IKEv1 and IKEv2 tests for isakmp-reserved-flags
    
    Tests ensure no ISAKMP reserved flags are copied from the received
    header into the response header
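
The behaviour these commits and tests describe, as an added example that is not libreswan code: when a received ISAKMP header is reused as the template for a reply, reserved flag bits must not carry over, and in IKEv2 the Initiator bit depends on our own role. The struct, macro and function names are hypothetical; the flag bit values are those of RFC 2408 and RFC 7296, and keeping the defined IKEv1 bits in the reply is a simplifying assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Flag bits per RFC 2408 (IKEv1) and RFC 7296 (IKEv2); macro names are hypothetical. */
#define V1_ENCRYPTION 0x01
#define V1_COMMIT     0x02
#define V1_AUTH_ONLY  0x04
#define V1_KNOWN      (V1_ENCRYPTION | V1_COMMIT | V1_AUTH_ONLY)
#define V2_INITIATOR  0x08
#define V2_RESPONSE   0x20

struct ike_hdr {              /* simplified ISAKMP/IKE header, host-order fields */
    uint8_t  icookie[8], rcookie[8];
    uint8_t  next_payload, version, exchange, flags;
    uint32_t msgid, length;
};

/* Flags for a reply that is built from a received header. */
uint8_t reply_flags(uint8_t version, uint8_t rx_flags, int we_are_original_initiator)
{
    if ((version >> 4) == 2)  /* IKEv2: derive from our role, copy nothing */
        return V2_RESPONSE | (we_are_original_initiator ? V2_INITIATOR : 0);
    return rx_flags & V1_KNOWN;   /* IKEv1: keep defined bits, drop reserved ones */
}

/* Use the received header as a template for the outgoing one. */
struct ike_hdr reply_hdr(const struct ike_hdr *rx, int we_are_original_initiator)
{
    struct ike_hdr tx = *rx;  /* cookies/SPIs, version, exchange, msgid carry over */
    tx.flags = reply_flags(rx->version, rx->flags, we_are_original_initiator);
    tx.next_payload = 0;      /* caller fills these in while emitting payloads */
    tx.length = 0;
    return tx;
}

int main(void)
{
    /* Constructed input: IKEv1 header with Encryption plus reserved bits 0x40|0x80. */
    struct ike_hdr rx = { .version = 0x10, .exchange = 2, .flags = 0xC1 };
    struct ike_hdr tx = reply_hdr(&rx, 0);
    printf("IKEv1 rx flags 0x%02x -> tx flags 0x%02x\n", rx.flags, tx.flags);
    /* Constructed input: IKEv2 request with Initiator plus reserved bits. */
    printf("IKEv2 rx flags 0xc8 -> tx flags 0x%02x\n", reply_flags(0x20, 0xC8, 0));
    return 0;
}
```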


