[Swan-commit] Changes to ref refs/heads/master

Andrew Cagney cagney at vault.libreswan.fi
Sat Mar 14 17:46:20 EET 2015 

New commits:
commit 447fd6de3ce421049d6180cfecf21584ae4a922d
Merge: 1b6a9ce 955af4b
Author: Andrew Cagney <cagney at gnu.org>
Date:   Sat Mar 14 11:38:47 2015 -0400

    pluto: clean up IKEv2 state; properly handle ICOOKIE+ZERO
    
    - make ICOOKIE+ZERO lookups reliable by adding a second hash table
      previously, in some states, the lookup would fail and re-transmits
      got lost; lookup code becomes simpler
    - simplify code by assuping state 0 IFF no state object
      lookup code becomes even simpler
    - correctly differentiate between IKE_I and MSG_R
      there's now a fighting chance that an initial-responder can
      get its requests acknowledged
    - merge all packet matching logic into a single loop
      some of the logic was split in an aux function
    - support matching of encrypted packets
    
    Merge commit '955af4b7590339218c449832eebd403626840588'

commit 1b6a9ce61515f211a535fd99aa8b981e02c8b388
Merge: ebdd217 3c2ac0e
Author: Andrew Cagney <cagney at gnu.org>
Date:   Sat Mar 14 11:35:15 2015 -0400

    pluto: more separation between IKEv1 and IKEv2
    
    - when IKEv2 use IKEv2 names
    - use separate packet decode routines (only IKEv1 has problems)
    
    Merge commit '3c2ac0e83e6eaf69d20b073fc0845aa4c6c4958d'

commit 955af4b7590339218c449832eebd403626840588
Author: Andrew Cagney <cagney at gnu.org>
Date:   Sat Feb 28 21:42:40 2015 -0500

    pluto: replace IS_V2_INITIATOR with st->st_role
    
    Set the latter when the state is created.  Use.
    Check st->st_role and md->role are consistent.

commit ba2c0e721d6c3a2d323eb6161f90e97a615447b0
Author: Andrew Cagney <cagney at gnu.org>
Date:   Sat Feb 28 20:34:35 2015 -0500

    pluto: pass the new RCOOKIE to rehash_state
    
    This simpifies all the code trying to update the state's RCOOKIE.

commit 3072fc84d8adb487831b01765e2226939ebe769c
Author: Andrew Cagney <cagney at gnu.org>
Date:   Sat Feb 28 20:17:47 2015 -0500

    pluto: use new hash code to manage ICOOKIE+RCOOKIE hash table
    
    The new code doesn't re-hash when deleting.

commit aae662ce8b6ab837bc6f147e5efbe5e860470a00
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Feb 27 21:31:18 2015 -0500

    pluto: add SMF2_UNPACK_SK flag; add inline checks of SK payload
    
    State transitions can be configured to pre-unpack / verify messages.

commit 2c3409a2f88431519fe89687bcf14ba92f03ced1
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Feb 27 21:05:15 2015 -0500

    pluto: simplify state lookup a little, and use MSG_R *not* IKE_I!
    
    Was determining if a child lookup was needed based on IKE_I when
    it should be MSG_R.
    
    Other checks still look suspect.

commit 0f144ff29379bcdd2e7cfbdbaf06caa7fe0900cf
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Feb 27 16:07:52 2015 -0500

    pluto: add state list/hash structures; use to implement ICOOKIE hash table
    
    A second hash table, hashed by just the ICOOKIE is added.  This provides
    a 100% reliable way to find state objects in applicable states using just
    the ICOOKIE.
    find_state_ikev2_parent_init() updated.

commit 3c2ac0e83e6eaf69d20b073fc0845aa4c6c4958d
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Feb 23 10:24:59 2015 -0500

    pluto: split ikev2_process_payloads() into separate unpack, verify, log and update-state
    
    The old function, as a side effect, could update the payload state.
    The logic modifying the selected state is moved into process_v2_packet().

commit 5548ec3f268960e9a397784f038f95e419ce26a3
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Feb 27 00:17:41 2015 -0500

    pluto: trust that md->role has been set correctly
    
    Don't re-set it based on st->st_state.
    Instead of passing down or re-computing the value use md->role.

commit b052707dd0b8f2fd16fe682d02dcf05b80f47be2
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Feb 13 15:04:16 2015 -0500

    pluto: rename ISAKMP_NEXT_v2E to ISAKMP_NEXT_v2SK, matching RFC 7296.
    
    Also update packet.[hc] and ikev2_sk_desc.
    TODO: Update e_pbs in ikev2_parent.c.

commit d7453fb4de1dc72afbcc4a0112f040bb62a39b9b
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Feb 26 23:58:52 2015 -0500

    pluto: fold clear payload match into the main state match loop
    
    SMF2_CONTINUE_MATCH can be deleted.

commit 6c1080377eec6c8b9d5e985980a597f420fe3541
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Feb 26 23:05:29 2015 -0500

    pluto: add SMF2_MSG_R_CLEAR and SMF2_MSG_R_SET.
    
    Use these to correctly check the MSG_R bit.

commit 74a6e364159f38ee8019eab816fd67c728cf4c7a
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Feb 26 22:22:36 2015 -0500

    pluto: replace SMF2_INITIATOR with SMF2_IKE_I_SET and SMF2_IKE_I_CLEAR
    
    Two flags so checking is both explicit and optional.
    Having an optional check makes merging initiator and responder states
    easier.
    Use md->role, instead of flag to determine original-initiator.
    Note that "struct state" should also have an st_role field.

commit f3b9a38184c3607b987f5015e19e99fb7b445f35
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Feb 26 20:42:01 2015 -0500

    pluto: delete SMF2_STATENEEDED, "struct state" == NULL IFF initial-state
    
    SMF2_STATENEEDED is redundant, the only time a state isn't needed is
    if-and-only-if the state machine is in the initial state.
    
    Simplify.

commit 3d9ee1f92656268621f833e6e465a8dd4fbc0f5a
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Feb 13 12:14:19 2015 -0500

    pluto: define PINDEX, use it to compute payload lset_t indexes

commit ec7dd1756ad9a960faaada8742d57a2aab5eb444
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Feb 13 12:12:43 2015 -0500

    pluto: split payload_desc into v1 and v2 variants

More information about the Swan-commit mailing list