[Swan-commit] Changes to ref refs/heads/master

Paul Wouters paul at vault.libreswan.fi
Tue Feb 10 04:25:47 EET 2015


New commits:
commit 19af1f3022019306dc909a555ecd63d3cdfe621b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 10 10:23:22 2015 +0800

    testing: added ikev2-ddos-01

commit 7ea539844e2344f6852f5edca967ee764b6d5e44
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Feb 10 10:17:42 2015 +0800

    pluto: anti-DDOS support
    
    This adds the keywords:
    
    ddos-ike-treshold : number of IKE SAs before sending DCOOKIES in IKEv2
                        (we should prob refuse new conn for IKEv1 when we hit this)
    max-halfopen-ike  : number of half-open IKE SAs before we start refusing new IKE_INIT
                        (we should prob refuse new conn for IKEv1 when we hit this)
    
    New status output in ipsec status:
    
    000 State Information: DDoS cookies REQUIRED, Accepting new IKE connections
    000 IKE SAs: total(100), half-open(100), authenticated(0), anonymous(100)
    000 IPsec SAs: total(0), anonymous(<todo>)
    
    New command: ipsec whack --globalstatus (format will change) will show an enumerated
    list of states and count. The idea is to move most of the "config setup" items from
    "ipsec status" to "ipsec globalstatus"


