[Swan-commit] Changes to ref refs/heads/master

Paul Wouters paul at vault.libreswan.fi
Sat Jun 13 21:27:58 EEST 2015


New commits:
commit 87682ab7507ed8387d77efde3bee7f56a76f0d94
Merge: cdc2e60 5bffc34
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Jun 13 14:27:36 2015 -0400

    Merge branch 'master' into oe-scratch3
    
    Conflicts:
    	programs/pluto/ikev1.c
    	programs/pluto/ikev2_parent.c

commit cdc2e605b70dc3f3f7446a727665d29af89f94c5
Merge: 966416c 2668b14
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Jun 13 13:14:49 2015 -0400

    Merge branch 'master' into oe-scratch3

commit 966416cc018307d3f95926c2c8ebf8fd887a0919
Merge: 684e9ea 943eddc
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Jun 13 12:38:59 2015 -0400

    Merge branch 'the-count' into oe-scratch3
    
    Conflicts:
    	programs/pluto/state.c

commit 684e9eaeb5fda3adf750bf9a938c97e2414a74f3
Merge: 9c571d6 a34c55f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Jun 13 12:37:06 2015 -0400

    Merge branch 'master' into oe-scratch3

commit 943eddcfdaf1c406ded02b914fea9891b59fd3c7
Merge: 318ab20 a34c55f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Jun 13 12:36:52 2015 -0400

    Merge branch 'master' into the-count

commit 9c571d6a6ce24ef398271c0b0ce40f47bde7f8aa
Author: Antony Antony <antony at phenome.org>
Date:   Sat Jun 6 12:36:19 2015 -0500

    testing: baseconfigs/all/etc/ipsec.d/ikev2-oe.conf has no ikelifetime
    rekey.. it is part of test default section

commit 2e5e84e446677930777e32a65223ab2e95df9b83
Author: Antony Antony <antony at phenome.org>
Date:   Sat Jun 6 12:35:36 2015 -0500

    ikev2: OE connection expire if no traffic.

commit ad923c95966905a5d19217f1993d2228d94c33d3
Merge: 000ccb0 07209a4
Author: Antony Antony <antony at phenome.org>
Date:   Sat Jun 6 11:27:08 2015 -0500

    Merge branch 'master' into oe-scratch3

commit 000ccb0f3924d9ed954f92d56d8e820eba63efe1
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jun 10 22:41:28 2015 -0400

    pluto: minor logging fixes
    
    Some logs that showed up on a busy OE server that showed it was
    accidentally always logged.

commit 6ce4248e9cce826cff6cdcdd2d2e1fe6b54448f9
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jun 10 22:27:03 2015 -0400

    pluto: minor logging cleanup - fix consistency of OPPO vs AUTHNULL
    
    Decisions for logging should be based on OPPO, not AUTHNULL

commit fd3798431f7f56565e6aefb14cfd8ff1d756c102
Merge: 0ae43a8 690b1be
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jun 10 22:02:38 2015 -0400

    Merge branch 'master' into oe-scratch3
    
    Conflicts:
    	testing/pluto/TESTLIST

commit 0ae43a86c0644bb12c9738f2d518dd4af58b8445
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Jun 5 13:29:16 2015 -0400

    pluto: Don't send v2N_INVALID_MSGID in response to duplicate IKE_INIT packet

commit d148299e7accd5b59ca215e7e0ece705c6e558c8
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Jun 5 10:41:15 2015 -0400

    pluto: reduce logging in ikev2_log_payload_errors()
    
    If we cannot find a state, or the state is opportunistic, only
    log payload errors when DBG_OPPO is set.

commit 682731d18bdc6a7eef395fde83a88c5b6a4c640c
Merge: f1bfa7f edf7bd4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Jun 5 10:18:26 2015 -0400

    Merge branch 'master' into oe-scratch3

commit f1bfa7fab4fa6e455734b9da4a230f7f9cce310b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Jun 5 10:17:34 2015 -0400

    pluto: reduce logging in delete_state() for Opportunistic Encryption
    
    but move it into DBG_LIFECYCLE for debugging

commit 90663540130408d934a9b663ea8fa92db7814c1b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Jun 5 10:10:00 2015 -0400

    pluto: reduce default logging for deleting partial IKE SA's
    
    Move it to DBG_LIFECYCLE if the connection is Opportunistic.

commit ae645e80be8bdc0bfe706519fde52bd5afe1776f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Jun 5 00:51:08 2015 -0400

    pluto: expire_bare_shunts() used ntohs() instead of ntohl() on the ipsec_spi_t
    
    Causing our logs to fill with delete failed for %unk-0

commit 0dcb9d26a2f7b0d1639a06f75f30f479c0a0175d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Jun 5 00:49:07 2015 -0400

    pluto: delete bare shunt even when kernel shunt deletion failed
    
    There is not much point to try again, especially if it already does
    not exist. We would just be collecting these over time. Also, it
    somehow caused an infinite loop at some point causing pluto to go
    99% cpu trying to delete the non-existent kernel shunt.
    
    So when kernel shunt deletion failed, just remove the entry from the
    pluto bare_shunts table.

commit 2e71175c5324149b997852d022bb8617fcda7f33
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Jun 5 00:47:57 2015 -0400

    pluto: for now, pexpect, not passert in free_bare_shunt()
    
    Although by now, the likely cause (see previous commit) probably
    resolved this.

commit 98e23f43dc15ecedf703f0fb323d89554ea2ae12
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Jun 5 00:45:47 2015 -0400

    kernel_netlink: dont setup expiring shunt's yet
    
    They work, but it is confusing as two mechanisms are expiring
    shunts with this. Ideally, we will move to only using this method.
    For now though, do not set the softuse expire on shunts.

commit e368158fcc85528271ed6255003a896289421f64
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Jun 5 00:40:37 2015 -0400

    pluto: basically undo commit 42e9ba4c
    
    This commit would let a second acquire for the same thing through,
    creating confusion in the bare_shunt table. Before this commit, these
    would be dropped and ignored. This restores that behaviour

commit 0219792a25af7ed161558aa43813dbe843d5a58c
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Thu Jun 4 02:40:57 2015 -0400

    pluto: tweak 456cad3b4e0c16b9349213bbcde2c2506aa841c0

commit 5414e713519f3eb16417184adefe3641a2ef7dca
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Thu Jun 4 02:23:22 2015 -0400

    pluto: tweak aca54754776cf01cffa504cf862a19e363717cef

commit aca54754776cf01cffa504cf862a19e363717cef
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jun 3 22:07:47 2015 -0400

    PROPOSED: check_msg_errqueue() should not log ICMP messages for unknown senders
    
    Running on a busy AUTH_NULL server we get several packets per second back that
    we cannot seem to match to a sender, and these were getting logged. So I
    changed it to log ICMPs only if DBG_OPPO or we have a sender that does not
    have authnull. no known sender means only log with DBG_OPPO
    
    With this and the two previous commits, the nssec.nohats.ca server produces
    very little logging.

commit 456cad3b4e0c16b9349213bbcde2c2506aa841c0
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jun 3 22:04:33 2015 -0400

    PROPOSED change: find_sender()'s assumption on pacet length is wrong
    
    It tried to only when the sender was known, but find_sender()
    checks if our transmitted packet length is equal to the received
    ICMP data. But this length does not match at all, the ICMP is much
    shorter. However, it seems the memeq() of the packet_len does equal,
    so try to use that instead.
    
    When running with logging in this function, it showed that about 5 out 6
    packets would find a sender with this change. The 6th one would still
    have a sender == NULL, so this would still cause quite the DOS. See next
    commit for a proposed workaround on that.

commit 1a4b2718267559cc79b29883dbfbd7ddd7842321
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jun 3 22:02:32 2015 -0400

    PROPOSED change: change a few log to debug messages in ikev2parent_inR1*()
    
    We do not have a ratelimit on these messages, so until then, don't log
    unless debug is configured. The problem here is that we are in inR1
    and so we don't know yet which connection this is for, so we cannot
    decide based on OE/AUTH_NULL policies.

commit 9dc370d3011bc74dee0eb55ddf3c3906f50b5d46
Merge: 2b91da6 0ed8082
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jun 3 18:48:55 2015 -0400

    Merge branch 'master' into oe-scratch3
    
    Conflicts:
    	programs/pluto/plutomain.c

commit 2b91da65c2be696b6ccc5e026e56e501b2bc53a9
Merge: d2107fa 4430222
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jun 3 14:13:00 2015 -0400

    Merge branch 'master' into oe-scratch3

commit d2107fa6afe7fbfd97a4ecd0553652e15eaf6f85
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jun 2 23:09:47 2015 -0400

    testing: remove unused testing/sanitizers/backgrounder.sed

commit f60db4593702f4bfb5486ae5c59065c2aa973940
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jun 2 23:09:18 2015 -0400

    testing: pluto-whack-sanitize.sed sanitizer add_time=
    
    which is displayed in whack --trafficstatus

commit a207f5f11808a9fd6994bbc372f241f218750415
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jun 2 23:08:51 2015 -0400

    testing: update misc-sanitize.sed to sanitizer all backgrounding

commit 0cf1b49f8010915ffe6173ecabef309e879aea19
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jun 2 23:07:06 2015 -0400

    testing: some updates to the newoe-* tests with for updated sanitizers

commit d499934d35eabb1a627a2dbec2a1dde66d5b73a2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jun 2 21:48:12 2015 -0400

    documentation: fixup man page entries for ddos- options.
    
    and note force-busy= is obsoleted

commit 167d81a2692305473b0765482b75fe42948d567b
Merge: 29efa09 6a33ae6
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jun 2 19:45:39 2015 -0400

    Merge branch 'master' into oe-scratch3

commit 29efa098a534b6d19fba3bba7fc792d9b24e655b
Merge: 7487938 ccd9877
Author: Antony Antony <antony at phenome.org>
Date:   Tue Jun 2 12:57:34 2015 -0500

    Merge branch 'master' into oe-scratch3

commit 7487938d37aa1a9116d49bba9fc7e3a1d97df3fe
Author: Antony Antony <antony at phenome.org>
Date:   Tue Jun 2 10:44:10 2015 -0500

    cleanup the test

commit 596828235743ae6e897e1bb34398458a88149f87
Merge: a9310f3 14307dd
Author: Antony Antony <antony at phenome.org>
Date:   Tue Jun 2 10:39:12 2015 -0500

    Merge branch 'master' into oe-scratch3

commit a9310f3e59e7fd741fa5b8e95ff5bc4441f19ab2
Merge: 7022830 c82b17e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jun 1 17:37:39 2015 -0400

    Merge branch 'master' into oe-scratch3

commit 70228303cd125b33c31095b0b04d4cf0a437ffa8
Merge: a6bc4ee 9ed4f93
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jun 1 13:33:55 2015 -0400

    Merge branch 'master' into oe-scratch3

commit a6bc4ee1cf46a47108c6de015c41ea3be117216b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun May 31 21:12:32 2015 -0400

    pluto: ISAKMP_SA_established() should take AUTH_NULL into account.
    
    It should not go weeding out connections based on uniquIDs if
    AUTH_NULL is supported by those connections, as we cannot tell if
    these are different clients or replacements of old clients.

commit aee5d866dd9e1d604d8bf64f479942cbb5c8b38f
Merge: 04349ed 92aec0c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun May 31 21:09:36 2015 -0400

    Merge branch 'master' into oe-scratch3

commit 04349edf5c4c0a6dece2cd05048572d99c7efc24
Merge: b7dfd3e d1aa9d6
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun May 31 20:26:08 2015 -0400

    Merge branch 'master' into oe-scratch3

commit b7dfd3e63b48a96b0b5381ca75cc7552274d7c32
Merge: a05401c a9dae3e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun May 31 16:25:56 2015 -0400

    Merge branch 'master' into oe-scratch3
    
    Conflicts:
    	lib/libipsecconf/confread.c

commit a05401c36429906f2b4477ed7382aaa8ee38cc2a
Merge: 05bf50c a04db8f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun May 31 16:07:37 2015 -0400

    Merge branch 'master' into oe-scratch3

commit 05bf50c7ffe30c7ff7396443c8bf37f3202d8ddf
Merge: d703a35 aeb8e1d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun May 31 11:13:15 2015 -0400

    Merge branch 'oe-scratch3' of vault.libreswan.fi:/srv/src/libreswan into oe-scratch3

commit d703a35e6cb802af5ddeb068d8f7a63d9bc55436
Merge: 3a10a7e 32f8de3
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun May 31 11:12:50 2015 -0400

    Merge branch 'master' into oe-scratch3

commit aeb8e1dbae23fb17ff7a21014fc7efcc876845ef
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri May 29 16:15:44 2015 -0400

    pluto: do not print IKEv2 ID if it is AUTH_NULL
    
    It has no real information and can cause DOS on the logs.
    Do print something when AUTH_NULL and DBG_OPPO is set.

commit b1a6f0879e418151a6c8aa554a1c899a6a89cd5c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri May 29 15:51:00 2015 -0400

    testing: added newoe-08-restart newoe-09-mutual

commit 4386fa87a5566ef3d402c5c10d68b11cb80720fe
Author: Antony Antony <antony at phenome.org>
Date:   Thu May 28 12:26:26 2015 -0500

    testing use common files

commit 25e1d767d422129eebd0cc0da087f06eb20e6acf
Author: Antony Antony <antony at phenome.org>
Date:   Thu May 28 12:25:22 2015 -0500

    testcases

commit 25ac4c207c519d30f732e97b648ea031246303e1
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu May 28 00:50:11 2015 -0400

    testing: newoe-06-prio to confirm RSA of PSK
    
    currently failing with core

commit 691e19c0e2ffbf004920ce560c80c039e3adb408
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed May 27 23:34:24 2015 -0400

    testing: updated newoe-05 with careful shunt lifetime monitoring

commit aee27981cfd00f4bdd61523cdc1eb880268ca373
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Tue May 26 21:30:23 2015 -0400

    pluto: more tidying

commit eeb0272aab673f1b3282879f09d6e13a35d5454e
Merge: a84a741 3a10a7e
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Tue May 26 21:20:44 2015 -0400

    Merge branch 'oe-scratch3' of vault.libreswan.org:/srv/src/libreswan into oe-scratch3

commit 3a10a7e558411998e6063452368fbadbd5f847cd
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Tue May 26 19:08:18 2015 -0400

    ikev2parent_inI1outR1: fix loop bound; tidy

commit a84a741a2d195aa4b9ce8e1a2308fda872238705
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Tue May 26 01:37:10 2015 -0400

    pluto: tidy some tricky bits

commit 398680d979c013f3e9dbd0e5ee0af9d7fa350ee3
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon May 25 22:35:13 2015 -0400

    fix two accidental unconditional debug messages

commit 9ee21fa126819605627c149248d19675ef68ab00
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon May 25 22:21:23 2015 -0400

    more OE logging suppression

commit 8d563072ed0e7b92b6c639f8949ce031bf416ccb
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon May 25 22:03:03 2015 -0400

    pluto: more log suppressing for OE

commit dead93f5a0ef1ed7696869ce6bce291c8e6f1747
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon May 25 21:30:16 2015 -0400

    pluto: various logging changes to reduce OE failure logging

commit 62cbef96c892866211df000941adc9c491dd6eb8
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon May 25 16:10:56 2015 -0400

    Undo commit 00ed7490af2e9adc1a936d38693c872cea1e87ba

commit 6d16fce066a3f8addbe65d431ae2f8df7e4ab8fe
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon May 25 20:17:03 2015 -0400

    make some logging calls dependant on DBG_KERNEL

commit 37b2920869fb541eac472405520afb7205015aeb
Author: Antony Antony <antony at phenome.org>
Date:   Sun May 24 09:46:29 2015 -0500

    ikev2 find_host_connection check RSA, PSK and NULL one by one

commit 4543b4b0b1741c6c5e6d7b15d12173e1c4b31dca
Author: Antony Antony <antony at phenome.org>
Date:   Sun May 24 01:34:08 2015 -0500

    fix the bug don't giveup after looking up rsa || psk continue to
    AUTH_NULL
    
    use type stf_status instead of FALSE

commit 82d713b62f4a406e3a86e3905153099d752a5a8e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun May 24 22:45:53 2015 -0400

    remove pexpect() which is not true
    
    orphan_holds is KLIPS only - do not complain on NETKEY

commit 4e590fcd6d9ae29f98374b30c9018314c81115ab
Merge: a8c95e1 c00e9b6
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun May 24 22:36:17 2015 -0400

    Merge branch 'master' into oe-scratch3

commit a8c95e136dd30cec81c0804cbaa1b1659bd8edf3
Author: Antony Antony <antony at phenome.org>
Date:   Fri May 22 11:27:27 2015 -0500

    testing new testcases

commit b89b86a361a47da6e00026a7cdaa3611e5c9b929
Merge: f7a0ccb ebabb24
Author: Antony Antony <antony at phenome.org>
Date:   Fri May 22 11:16:44 2015 -0500

    Merge branch 'oe-scratch3' into oe-scratch300

commit ebabb24dc57f2040c4c57384d914bf069e7b001c
Merge: d0a6af2 d45361f
Author: Antony Antony <antony at phenome.org>
Date:   Fri May 22 11:16:03 2015 -0500

    Merge branch 'master' into oe-scratch3

commit f7a0ccb029898c2b6d068e06326514862a28d4cf
Merge: e61ca1f f152adc
Author: Antony Antony <antony at phenome.org>
Date:   Fri May 22 08:37:45 2015 -0500

    Merge branch 'master' into oe-scratch300

commit d0a6af226c3d95c276410c3f6ce88073e667876c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri May 22 01:11:02 2015 -0400

    actually modify kernel policy in orphan_holdpass()

commit 5706f5596eb64c46c90421da4fdc848a037feea4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri May 22 01:10:20 2015 -0400

    raw_eroute: support printing of an "update"
    
    eg when going from %pass to %hold, it will print %pass>%hold

commit 48234d54d9c99ce593c1f1a992eaac090b75d8ba
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri May 22 01:09:26 2015 -0400

    move some logging out of timer.c into kernel.c

commit fd9faff1967ebcf13e976632ff0c3a2f72a1fe35
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri May 22 01:09:01 2015 -0400

    logmsg fix

commit 6cd849a078ba8907232e8d14e9f156bcb75dde22
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri May 22 01:07:21 2015 -0400

    testing: newoe-04 slight update

commit 1488aa0c9499031f3ce1d3472b3ed1b01d900f48
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri May 22 01:06:49 2015 -0400

    testing: newoe-05 - like 04 but with negotiationshunt=hold

commit e61ca1f36f0cabae8b814ccb6faa328e384c14cf
Author: Antony Antony <antony at phenome.org>
Date:   Thu May 21 21:21:59 2015 -0500

    try hack with pp

commit 4ce4d85a11efa118ce32f4f5fe93cd893381d7e4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu May 21 22:18:20 2015 -0400

    passthrough uses spi 0

commit 4557c98091f3c38342f69e7d88583d3809f6fbb7
Author: Antony Antony <antony at phenome.org>
Date:   Thu May 21 21:08:10 2015 -0500

    find rsa

commit 658c00305243406a707dd6d483875cd959226fd0
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu May 21 22:05:04 2015 -0400

    return the return

commit e84d70dcad38f8a79c359991b9d3620ca49d3fe5
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu May 21 19:44:07 2015 -0400

    trigraph funnyness

commit e4c6e29972ed54a7a460318be78aa4aef692acde
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu May 21 19:26:31 2015 -0400

    initiate: re-implement with goto

commit a7a73eca3cfd68dfc730190648bee700a00f2392
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu May 21 19:26:17 2015 -0400

    typo in log

commit 830ef148e92a12becd8a7edaeba4f4ce50b46720
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu May 21 19:25:05 2015 -0400

    netkey does not need or use remove_orphaned_holds

commit 241e22db0275e93dc048436e1d5f174b9850e4bf
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed May 20 23:36:07 2015 -0400

    more logging for spi type in netlink_raw_eroute()

commit 5e5e53afd5666e5b86c4fde7c044aae50a052862
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed May 20 23:33:11 2015 -0400

    orphan_holdpass did not support pass -> hold, only hold -> pass?
    
    Also added more logging

commit 859c83a7eed171810326be1ab68c06cc7f45b74f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed May 20 20:38:07 2015 -0400

    testing: added reference output to newoe-04
    
    This tests negotiation and failure shunts and captures the kernel
    updates with ip xfrm monitor.

commit 9ef31c684637a5f7807f55d8c313a578fb25fa41
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed May 20 18:54:46 2015 -0400

    WIP: move the bare_shunt handling from kernel acquire into fos_start
    
    This prevents it from being called multiple times

commit a09739f047bcd3ff41b19ec465c135b40863d20a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue May 19 21:58:03 2015 -0400

    add --shuntstatus to whack --help

commit d511098493e18b2572e4e1c4f38672e93017a847
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue May 19 21:57:14 2015 -0400

    improve bare shunt logging, make it DBG_OPPO

commit 8cb35a6bb8be16d92f3e4ab92a45499235242e76
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue May 19 21:29:15 2015 -0400

    pluto: add config setup item shuntlifetime=
    
    The lifetime of bare shunts (default 15 minutes)
    
    This is mostly useful for running test cases

commit c750e5961ff36522789499086f63ca720e20f739
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue May 19 16:15:56 2015 -0400

    WIP: further support for negotiationshunt != failureshunt

commit e453e0893fc812e902b112d42e6c92df46f508b2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon May 18 21:28:10 2015 -0400

    don't call kernel_ops->raw_eroute, but go via raw_eroute()
    
    Otherwise we miss a lot of logging which adds to the confusion.
    
    Later on make raw_eroute static again once we call through the right
    API

commit 22089538e0bad1fd32ebe3c532922970f2faf90a
Author: Antony Antony <antony at phenome.org>
Date:   Sun May 10 11:17:14 2015 -0500

    kernel netlink decode polixy expire message

commit 950852683c41d1e3ab7d899df6acef9bb0164672
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun May 17 20:04:44 2015 -0400

    rename failure_shunt to negotiation_shunt variable for assign_holdpass
    
    since assign_holdpass() installs the negotiation shunt, not the failure
    shunt.

commit 5aa1624c0fc528f884e2a9f64aac5309bc95b587
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun May 17 19:44:47 2015 -0400

    clarify message in bare shunt for oe-negotiating

commit 80046dc42b82c9c33f6f9e6fe591a400e4e06b23
Merge: 2d5d143 d5bc066
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun May 17 19:39:10 2015 -0400

    Merge branch 'master' into oe-scratch2

commit 2d5d1439661ac5ad2e6da2466ce65388a28f97b1
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun May 17 17:37:31 2015 -0400

    fixup last night's shunt deletion

commit c5d058aa55be424a346346a2c9e83507b19984ae
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun May 17 01:39:30 2015 -0400

    WIP: commit partial shunt work

commit d4eea9f31d86a1400d5d50d59f67e06827e96c5e
Author: Antony Antony <antony at phenome.org>
Date:   Sat May 16 21:05:34 2015 +0200

    workaround free_bare_shunt  when pp is null

commit 8de5d43ed5b3e378f818751a2346ba3120765a63
Merge: 2ffa376 aee92de
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat May 16 14:38:08 2015 -0400

    Merge branch 'master' into oe-scratch2
    
    Conflicts:
    	testing/pluto/TESTLIST

commit 2ffa3764e78fac97c6e7b7aff769043b8cdd4758
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri May 15 00:50:12 2015 -0400

    testing: add the 3 nflog test cases to TESTLIST

commit 567ad7653c44e56a89110bf0aa23efd1c3b3a672
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri May 15 00:48:34 2015 -0400

    testing: added nflog-03-conns

commit db037c70880f7bd717d911aa707e9eb2493e0fe4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri May 15 00:44:40 2015 -0400

    _updown.netkey: fixup nflog for host-host and net-net tunnels
    
    When a host-host or net-net connection comes up, we call
    route-host/route-client, which is the same target, so we have one addnflog
    entry. But when these go down, we call down-host and down-client, which
    are two different targets in the updown script.
    
    This was found via the nflog-03-conns test case
    
    (TODO: add for v6 targets too)

commit 42e6a08ac28dd073ac89726de52da0814b3d40ac
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri May 15 00:03:34 2015 -0400

    testing: nflog-01-global commit artifact fix

commit 13f710325f72f506074c61eda2e25963a6bb017a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu May 14 23:30:48 2015 -0400

    testing: renamed ikev2-40-nflog-global -> nflog-01-global

commit a71db725e6be206df3697939d3800da6a58d4265
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu May 14 23:29:25 2015 -0400

    testing: newoe-01 fixup policies/
    
    Add 192.0.2.0/24 to private-or-clear on initiator and clear-or-private on responder
    
    (avoids double tunnel)

commit e0f778bab8fe6bd0136264968e8241b791579c0a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu May 14 23:26:35 2015 -0400

    pluto: remove remnants of nflog-all for whacking
    
    The global nflog rules are now setup using the ipsec shell script.
    
    So pluto only needs to know about nflog-all for "ipsec status"
    output, but does not actually perform any action, so no whack command
    is needed, only the config file parser part.

commit ff8541bce4d2adc5ef8ce7014b15e407f88e344e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu May 14 22:43:30 2015 -0400

    _updown.netkey: use -I for NFLOG instead of -A
    
    Otherwise, DROP rules will prevent tcpdump from seeing the packets

commit de7a79c97d0f82d072f3c60a263fc3632f868456
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu May 14 22:42:48 2015 -0400

    testing: nflog-02-conn shows per conn option nflog=

commit 4a8b8934121a0d306bc523241c1917f8b3abaf5b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu May 14 19:17:09 2015 -0400

    testing: newoe-04 update
    
    looks promising, only buglet is the double entry in the bare shunt table

commit 3d819f7a981ae2804760be89d46c6f80eb7a9ffc
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu May 14 19:05:33 2015 -0400

    testing: newoe-02 cleanup and docs why this test is still failing
    
    see description.txt (reference consoles deleted because it is wrong)

commit 806f29e0b1416d486887600b6d5a24ad1e552ca0
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu May 14 18:35:31 2015 -0400

    testing: newoe-03 cleanup and use new whack --shuntstatus

commit 1f72d4047f1862ee5008094357980c451677506d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu May 14 18:25:36 2015 -0400

    whack: added ipsec whack --shuntstatus

commit 7018e8bea9e1880439a06aeaf7482adf6c6f66c3
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu May 14 17:43:59 2015 -0400

    testing: newoe-02 some fixups but test still not showing 7.7.7.7 pass

commit 6ac4450003d8e2e226165c16cdf5b9992bf48106
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu May 14 17:20:42 2015 -0400

    testing: newoe-01 update
    
    - wait for OE groups to load/instantiate
    - no need for named in this test
    - now shows proper foodgroup is used for whack oppo command

commit d49bff975f9776d821820a35571b8f889d4ff441
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue May 12 20:25:00 2015 -0400

    pluto: free_bare_shunt() should use pexpect, not custom catch code

commit 11fbe4b1182a06b6794575405639b9727ffdd23b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue May 12 19:01:26 2015 -0400

    pluto: ensure we cannot get "attempt 10 of 4"
    
    Various combinations of timed events can lead to this. The check was for
    try_limit != try which I changed to try <= try_limit
    
    It still logs one more "attempt" than max, because the log line is printed
    too early when the decision to abort or continue hasn't been made yet.

commit f266588f213aecb7176218b6308a685a82487859
Merge: f9abda2 2b8bccc
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon May 11 21:06:43 2015 -0400

    Merge branch 'master' into oe-scratch2

commit f9abda22d826fd95bbe0351ef85a61b0645794c5
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon May 11 21:06:34 2015 -0400

    demote a log message to debug

commit a5276051299bfbd7fb44aac950e8e40929d5bdb6
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon May 11 21:01:35 2015 -0400

    pluto: don't try to gw_delref() in delete_connection() when AUTHNULL

commit 48ecc52a2c7db54a7b55984b12a57670d728f25d
Merge: 3041910 908a0fc
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri May 8 12:30:12 2015 -0400

    Merge branch 'oe-scratch2' of vault.libreswan.org:/srv/src/libreswan into oe-scratch2

commit 908a0fc903e951f886eedb9bd329e09bf71eb0d2
Merge: 2e4e62e f62b18e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri May 8 12:28:53 2015 -0400

    Merge branch 'master' into oe-scratch2

commit 2e4e62e9bfce81b48a02bd81fad41d755e8f1e2f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri May 8 12:27:05 2015 -0400

    pluto: no ligner listen for IKE on loopback interface

commit 86715e5c80a05e4d361ddc6df3133577ebdbec9c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri May 8 12:02:04 2015 -0400

    testing: ikev2-auth-null-01 use ID_NULL

commit 3041910853c23a9c63ce358d6cdda06706547985
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri May 8 11:47:00 2015 -0400

    testing: update newoe-02

commit 62ebd9b3246bc59237c6798b975d00bab34f0881
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu May 7 15:39:23 2015 -0400

    testing: updated newoe-01
    
    Still noticing that we have two IPsec SA's between west and east ?

commit 5387581b36fdfb99ad254d3f8301e074c39eb6c3
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu May 7 15:37:35 2015 -0400

    pluto: prevent infinite recursion with plutodebug=private

commit 0ce6fada80125aba8e0d3c65991d7c4b70ed12ff
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Thu May 7 03:17:39 2015 -0400

    ipsecconf: correct KSF_DDOS_MODE to be KBF_DDOS_MODE

commit cbab8919ba51c3e75c5261b2a141687da6496a8c
Merge: a6b4dc4 4ea973b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed May 6 21:45:31 2015 -0400

    Merge branch 'master' into oe-scratch2

commit a6b4dc4cf75ecd7f8e44d03617757e928204f9f8
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed May 6 21:41:10 2015 -0400

    KLIPS: fix amusing reference to "Openswan" in /proc/net/ipsec/version

commit a28b6b23acfdf456f854e521a1b43a54057b4de4
Merge: 3349ae0 7bc7385
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed May 6 14:09:06 2015 -0400

    Merge branch 'master' into oe-scratch2
    
    Conflicts:
    	testing/pluto/ikev2-40-nflog-global/west.conf

commit 3349ae0f87a69106ba8a5a34710bf69b7332402d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue May 5 18:46:00 2015 -0400

    testing: west side of test

commit 559c8b0548f737551d9f8a27145194bbd27ee759
Merge: e09e7b5 d51890f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue May 5 16:06:12 2015 -0400

    Merge branch 'master' into oe-scratch2

commit e09e7b5c6d4f77c33f8dc8b04668cd2f6a6222f2
Merge: b7179e4 8372cce
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon May 4 15:27:28 2015 -0400

    Merge branch 'master' into oe-scratch2

commit b7179e44040fd0464167532d9a20d5d9485ded49
Merge: ce61b2a 627f948
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun May 3 20:36:49 2015 -0400

    Merge branch 'master' into oe-scratch2

commit ce61b2a26d5bc4fc8fafee45eb90ca9c2403c2b4
Merge: 0e9888f 37aae61
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun May 3 20:29:24 2015 -0400

    Merge branch 'master' into oe-scratch2

commit 0e9888f6b5a369bb3c24cb8228851eca94455443
Merge: c0292ec 95a9b56
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun May 3 16:52:24 2015 -0400

    Merge branch 'master' into oe-scratch2
    
    Conflicts:
    	programs/pluto/ikev2_psk.c

commit c0292ec58ee9784ed209ab4885704bddc9b37552
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun May 3 16:39:02 2015 -0400

    re-enable accidentally commented out WERROR_CFLAGS

commit b7a61e57de4bd8abc90d6ddcc957f894a4abf52b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun May 3 16:38:46 2015 -0400

    squash an unused variable warning

commit 9c1ba6b9cf27986c620772e4af67d3faf12ddc7d
Merge: 2bba46c 97266ec
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun May 3 16:34:05 2015 -0400

    Merge branch 'master' into oe-scratch2
    
    Conflicts:
    	programs/pluto/ikev2_psk.c

commit 2bba46c71b45601c27eb6d51a0ff7f6919916a1f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Apr 30 15:32:10 2015 -0400

    pluto: logging cleanup

commit ce2c35ae241e7c3bb8ff7b5228bf374decf78804
Merge: a9eaa35 aef0836
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Apr 30 14:56:42 2015 -0400

    Merge branch 'master' into oe-scratch2

commit a9eaa3563e5c997482299170a68f3c22f8906332
Author: Herbert Xu <herbert at gondor.apana.org.au>
Date:   Thu Apr 30 10:43:34 2015 -0400

    pluto: fix modecfg client/server status display (was swapped)
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit f03dd0f740c23b5aa20a62ff46788e24b15f541b
Author: Paul Wouters <paul at nohats.ca>
Date:   Wed Apr 29 22:16:21 2015 -0400

    WIP: proper OE pass routes without connection/state
    
    shows up bare shunt table, but accounting is still bad and needs fixing

commit 8d2c56c88064a3d60f859f1b4199f2bb77c6d9bd
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Apr 26 22:46:39 2015 -0400

    WIP: minor logging/comment changes

commit e8792bfb4fb0712f8f799159a1f77dc367609d37
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Apr 25 18:35:53 2015 -0400

    testing: newoe tests - ensure no global ikev2oe.conf, policies or common files are used

commit 6d6d044d67ba21638450068c274a464378edf66f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Apr 25 18:29:34 2015 -0400

    testing: newoe-02 use 7.7.7.7 configured on nic for OE fail test

commit 41f173048e55deda79dd6fce46c292fe2e930ba2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Apr 25 18:20:21 2015 -0400

    more logging

commit 4e01a86560aee73747c12e9b1d25c00d6f656e39
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Apr 25 18:20:01 2015 -0400

    put passert back for non-authnull case

commit fd2462f0494a1799a40429775edd8412f7648150
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Apr 25 18:19:29 2015 -0400

    pluto: kernel bare shunt has SPI_HOLD regardless of our connection policy

commit ddefbcfb2467bf1cf1a1cb0fe71cfc987b506b6f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Apr 25 15:41:09 2015 -0400

    WIP: oe-scratch2 cleanup and undo

commit 33d70dc6273b82fdbbc766685cd28590a9362cb9
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Apr 24 20:10:59 2015 -0400

    pluto: tiny tidy

commit 486348632e964397bba62d8402da63aee1cb5744
Merge: 5603f73 b31503a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Apr 24 09:15:18 2015 -0400

    Merge branch 'master' into oe-scratch1

commit 5603f7329be92a11c81201133aff7fadae516f1a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Apr 23 17:27:41 2015 -0400

    WIP: install permanent pass for failed OE
    
    proof of concept, we need to install with a lifetime

commit d46010288a3568c3115d4d79f1879f399be63edf
Merge: 5dc44b0 e992881
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Apr 23 14:59:39 2015 -0400

    Merge branch 'oe-scratch1' of vault.libreswan.fi:/srv/src/libreswan into oe-scratch1

commit 5dc44b0a9b3919acd89b8631e471618749ef6df8
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Apr 23 14:55:02 2015 -0400

    ipsec: remove root check in the ipsec initnss command.
    
    If trying in /etc/ipsec.d, the failure will be clear for non-root
    
    This helps those who deploy by setting up the ipsec.d as non-root
    user (eg openstack)

commit e1886ed8156d1e3fd230b1942735a1fad869efd8
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Apr 23 14:32:34 2015 -0400

    copy a useful comment - got lost in the stack split support in
    ancient openswan

commit e9928814bd77226a651b1a69c0e5bbbcc55e8238
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Apr 23 10:04:32 2015 -0400

    testing: newoe-04  ensure east does not initiate OE to gateway or road

commit 976129451e7674dfa433665f669e37cc59b342db
Author: Antony Antony <antony at phenome.org>
Date:   Thu Apr 23 10:15:54 2015 +0200

    with /32  in private-clear

commit c0be9017727ae6dd6344fa8327f64526460fead2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Apr 22 18:57:53 2015 -0400

    testing: newoe-04 update

commit 209afec1f792feb008291108409a8455430704e0
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Apr 22 18:36:32 2015 -0400

    WIP: working negotiationshunt=pass|hold
    
    failureshunt does not work because we delete the state/connection,
    so we have no surviving %pass

commit f77c48fd3090a768225f8aead27bebb1dc963e39
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Apr 22 18:36:03 2015 -0400

    testing: set negotiationshunt=passthrough in ikev2-oe.conf

commit 5f36a49b097b18b7b4aa0e5cca2a4afa42ba601a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Apr 22 16:41:16 2015 -0400

    WIP: try updating with negotiationshunt

commit 08ca268f33b065e526f0859bc76a8015680c8912
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Apr 22 15:49:16 2015 -0400

    WIP: Change all shunt/eroute callers that used void to log failure

commit 72ddba3a866cbc38bae3a7e6587efe1b6d8c7132
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Apr 21 22:21:33 2015 -0400

    WIP: use failureshunt/negotiationshunt, remove "cheating" based on stack
    
    This still leaves bad bare shunts in kernel but pluto state is consistent.
    
    with this change, newoe-04 establishes OE using netkey on road.
    
    It fails on the impossible 254.254.254.254, and seems to delete connection
    (meaning we have no failureshunt in place I guess)

commit bb4652841455799a8206e8176df9e05ca278e75d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Apr 21 21:54:20 2015 -0400

    testing: newoe-02 / newoe-04 update
    
    newoe-04 is a clone of newoe-02 but using netkey
    
    both now specify source ip for ping to avoid acquires on connect()

commit 635abb44c428787e10c3562f7c64b26f97d630fb
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Apr 21 17:51:46 2015 -0400

    pluto: add negotiationshunt=passthrough|hold
    
    - alias drop for hold
    - also add drop alias for failureshunt
    
    (hold was really sort of only true for first+last packet caching in KLIPS)

commit 49dfec5dcfb28f11b9484e2146894b9e2345befc
Merge: edeefa6 a2d0e22
Author: Antony Antony <antony at phenome.org>
Date:   Thu Apr 16 22:42:26 2015 -0500

    Merge branch 'master' into oe-scratch1
    
    Conflicts:
    	programs/pluto/timer.c

commit edeefa6a665cf6611869fc9a8b0df3e1cf382fd6
Merge: c292c45 61e1e38
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Apr 20 14:22:58 2015 -0400

    Merge branch 'oe-scratch1' of vault.libreswan.org:/srv/src/libreswan into oe-scratch1

commit 61e1e388a90c9b1917b3db482f1cb9c307c2003a
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Mon Apr 20 00:05:10 2015 -0400

    pluto: minor clarity fixes around bare shunt code
    - rename "proto" to "sa_proto" when appropriate; get type right
    - remove some "UNUSED" pragmas that were lies
    - fix some typos in comments

commit 8b38bb5369dac948b2079ced245c1bd9cfbe9b13
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Sun Apr 19 20:42:35 2015 -0400

    pluto: explicitly ignore result of replace_bare_shunt()

commit c292c4559d54ec8b250a4fd404ffd0362afd52b4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Apr 18 17:23:21 2015 -0400

    bump bitnamesbuf buffer

commit b8ce8712e184dbc4e3ff31524752a7a48042d724
Merge: 188d076 762c4a3
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Apr 16 16:18:06 2015 -0400

    Merge branch 'master' into oe-scratch1

commit 188d0768120869efe23b822cab24fff0856863d0
Author: Antony Antony <antony at phenome.org>
Date:   Thu Apr 2 22:32:09 2015 -0500

    ikev2: fix a typo in 601aa7d8d5f

commit 9440bf9748966c689cf8b04d69e10e77fdc30471
Merge: 01592ff 59e8686
Author: Antony Antony <antony at phenome.org>
Date:   Thu Apr 2 22:18:19 2015 -0500

    Merge branch 'oe-scratch1' of vault.libreswan.fi:/srv/src/libreswan into oe-scratch1

commit 59e86867e961cd0b745ed8891e6aa5f9644b9873
Merge: a51a751 ee35d86
Author: Antony Antony <antony at phenome.org>
Date:   Sat Apr 4 05:58:29 2015 -0500

    Merge branch 'master' into oe-scratch1

commit a51a751379780715857d84993d18ed9e1d42d82f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Apr 7 21:23:02 2015 -0400

    testing: newoe-01: enable DBG_PRIVATE

commit 601aa7d8d5f604240810fbe135290456317f451b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Apr 7 21:22:17 2015 -0400

    ikev2_psk: fixup AUTH_NULL and make PSK printing DBG_PRIVATE only

commit 28587606a364400d1bc117ebfc53ff8364c5a83b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Apr 7 17:05:00 2015 -0400

    testing: re-enable failureshunt=passthrough for conn packetdefault

commit d7a2ad177867e2ad69692cfac4497fc85f879439
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Apr 7 17:48:51 2015 -0400

    documentation: remove isakmp-test.ssh.fi from pluto man page. it is dead

commit dc60ce0f1c7bacc1677fe7fae882cd3f9e4168d8
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Apr 7 17:46:57 2015 -0400

    documentation: fix buglet in man page on -DDEBUG

commit c0d8b9816a10d797df792ec77266aa1062ede6f8
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Apr 7 17:02:33 2015 -0400

    testing: two new ikev2 testcases for corner cases in hmac_init()

commit ead2bf6f75bbd154832eccb5b57ff542f6e075e7
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Apr 6 23:09:50 2015 -0400

    fix switch over KBF_FAILURESHUNT values

commit 733a6763c3c91bb72131f6da30b7cd753f5a353a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Apr 6 23:04:23 2015 -0400

    fix warning and log message

commit 690c21320ab76aa9c5b1f6f2fdad8f0deba0db3f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Apr 6 22:33:17 2015 -0400

    pluto: fix some hardcoded SPI_PASS to check for POLICY_FAIL_PASS

commit 2e90f2cb68c1c7f85ca0240c9e8fc30666bfdd86
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Apr 6 22:32:57 2015 -0400

    libipsecconf: fix parsing failureshunt=

commit d52d02b7ee0ec20f061dc7c7fbf90df95cc881bb
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Apr 5 23:33:37 2015 -0400

    testing: newoe-03 for testing to properly fail OE to self

commit 200d27fd16863b9b5cf399eda05cf2ba79868a0e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Apr 5 23:29:07 2015 -0400

    WIP first attempt at fixing acquires to self with netkey
    
    This fixes acquires where source ip == dest ip
    
    This does not yet fix the case where we have two IPs and talk to
    ourselves (test for this is in newoe-03)

commit b2d0bced0298337bb3c834bf8ddfb2d1ff793f16
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Apr 5 23:28:24 2015 -0400

    WIP: fixup transport_proto specific acquire with NETKEY

commit 9c78ae28d15b893b9d62854d6af107a516be5d3f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Apr 5 15:04:42 2015 -0400

    HACK COMMIT FOR REFERENCE ONLY
    
    This makes KLIPS OE work, with %pass during/after failed IKE.
    
    Just as a FYI hack. Raises many questions which need to be addressed

commit 5bb1b4e6b5b9cec5a426248ed3472b2fe8b1e4c2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Apr 5 15:03:57 2015 -0400

    testing: newoe-02: klips OE with %pass during/after IKE

commit 858b0c41fc711acc8fb19ee4973eed395daf8875
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Apr 5 14:51:31 2015 -0400

    WIP: change ikev2-oe.conf to not use failureshunt=passthrough
    
    Note confread.c doesn't properly handle this option to begin with, and
    it fails to actually set POLICY_SHUNT_PASS (which would show up as PASS
    in the pretty policy line in ipsec status)
    
    However, when fixing that, using failureshunt=passthrough will cause the
    connection to NEVER cause any kind od acquires whatsoever (neither on netkey
    or klips)
    
    We either need to fix this option, or ignore it and introduce something
    new like opposhunt=hold|pass
    
    I don't see what else this option is supposed to do, so fixing it would be best,
    but required figuring out why it causes no functional %trap and losing acquires.

commit 29c9fc909d7b81c99f0076102018b58cbc2bb69f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Apr 5 14:49:30 2015 -0400

    WIP: Antony's retransmit patch
    
    Note this still causes timers to go -1
    
    000 "packetdefault"[2]: 192.1.3.209[ID_NULL]---192.1.3.254...9.9.9.9[ID_NULL]; unrouted PASS; eroute owner: #0
    000 #15: "packetdefault"[2] ...9.9.9.9:500 STATE_PARENT_I1 (sent v2I1, expected v2R1); none in -1s; idle; import:local rekey
    000 #15: pending Phase 2 for "packetdefault"[2] ...9.9.9.9 replacing #0
    000 #14: "packetdefault"[2] ...9.9.9.9:500 STATE_PARENT_I1 (sent v2I1, expected v2R1); none in -1s; idle; import:local rekey

commit 01592ff0f524567b7f8671713ada6c8fc4aaa89a
Merge: a51a751 ee35d86
Author: Antony Antony <antony at phenome.org>
Date:   Thu Apr 2 20:31:35 2015 -0500

    Merge branch 'master' into oe-scratch1

commit 357543f9a254c7a0cd30b929e1bae8582847e7ed
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 31 10:13:23 2015 -0400

    testing: newoe-0[12]  Add our ssh IPs to the clear list
    
    So we can still manually ssh into road, west or east and run OE tests
    without locking up due to OE. This adds 192.1.2.253 and 192.1.3.253 to
    the clear policy

commit 3409665c247c24374f5f5ee96f65bec6b5df1a2f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Mar 30 16:04:21 2015 -0400

    Add comment on udp hole in server.c

commit c431187a8978e58f86bd5242cfd53d5c1aea7b8f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 13 15:27:11 2015 -0400

    testing: newoe-02  Add nicinit.sh so that nic boots in this test

commit 85ea050a31526b49125f3673a83371b6ce91a4dd
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 13 15:26:46 2015 -0400

    testing: newoe-02 add the policies from newoe-01

commit eaa620aa8066d7eee0d2775a498ba2180ad3ebeb
Merge: 1a1b1b8 ae1119b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 13 13:26:20 2015 -0400

    Merge branch 'oe-scratch1' of vault.libreswan.org:/srv/src/libreswan into oe-scratch1

commit 1a1b1b82af696cb51b26d76e13ce54d7ae9d7ae2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Mar 12 10:42:45 2015 -0400

    remove some temp logging

commit efe523bd4178bb97ec81c9948c64386175fae749
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Mar 11 19:19:45 2015 -0400

    WIP sync up oppo_instantiate() code for ikev2

commit ae1119b75e80d516c1ae8aa36991ea8aff6317e0
Author: Antony Antony <antony at phenome.org>
Date:   Mon Mar 2 10:44:57 2015 -0600

    newoe test with road - east no nat
    
    	testing/pluto/table.txt

commit f9478ebeac5ce05347d5548aba9ea7811f34d8f8
Author: Antony Antony <antony at phenome.org>
Date:   Sun Mar 1 17:36:54 2015 -0600

    copy b->peer_client

commit 2c7051f6a152ca0df78ce7057963495bb1c3d1d6
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 10 16:28:26 2015 -0400

    testing: resolve via 127.0.0.1 first on west/east

commit d687e00758cb69e54d318da772c6679cc09088a9
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 10 16:28:09 2015 -0400

    testing: WIP sync OE changes

commit e49320752dc169e47c3af099a45b217df96b2c55
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 10 16:27:06 2015 -0400

    testing: WIP newoe-01 update

commit a2b1d26b8a5f690384e429dff41ed8dd35e4ad71
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 10 16:26:48 2015 -0400

    testing: WIP added ikev2-oe.conf

commit be6ded0dcd76811c4fb94f323e49a26d4b868eb4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Mar 10 15:17:06 2015 -0400

    testing: WIP added newoe-01

commit 5ffc614f4649d0a622afef1a0a32ab0a0571b407
Merge: 9c42123 70ac233
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Mar 6 19:18:05 2015 -0500

    Merge branch 'master' into oe-scratch1

commit 9c421230e6c04e8853bd77defbd3375bdcbe48cc
Author: Antony Antony <antony at phenome.org>
Date:   Sun Feb 22 22:38:24 2015 -0600

    stash

commit 6a4c57dd8481b24fd03648f994402b0093c522e3
Merge: 70c5faf e3b0930
Author: Antony Antony <antony at phenome.org>
Date:   Sun Feb 22 22:10:52 2015 -0600

    Merge branch 'oe-scratch1' of vault.libreswan.fi:/srv/src/libreswan into oe-scratch1
    
    Conflicts:
    	programs/pluto/initiate.c

commit 70c5fafb8ac9ca30bbf9d75905414c10e983eb8b
Author: Antony Antony <antony at phenome.org>
Date:   Sun Feb 22 20:58:49 2015 -0600

    stash

commit e3b0930ca3a79878db66937780cc7754b9064774
Merge: eaa32a6 21584df
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 20 23:08:12 2015 -0800

    Merge branch 'oe-scratch1' of vault.libreswan.org:/srv/src/libreswan into oe-scratch1

commit eaa32a60d4543063efb54e4b26477a25a675940f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Feb 20 20:41:51 2015 -0800

    stash

commit 44c525ed72a2228854204beabd09a12f47ddfd34
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 19 23:26:48 2015 -0800

    WIP: OE IKEv2 test conns

commit 967daae9347fbaa5f8fb93eef0bd5020598e58d5
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 19 23:25:12 2015 -0800

    WIP: foodgroup code changes for no-dns

commit 79b98d8f606a2ab40087a558161f0cab43d88cd4
Merge: 21584df b49d80e
Author: Antony Antony <antony at phenome.org>
Date:   Thu Feb 19 15:45:49 2015 -0600

    Merge branch 'master' into oe-scratch1

commit 21584df0a682815700b4a2308785f6a41409d090
Merge: 44c525e aed65cb
Author: Antony Antony <antony at phenome.org>
Date:   Thu Feb 19 15:23:57 2015 -0600

    Merge branch 'master' into oe-scratch1



More information about the Swan-commit mailing list