[Swan-commit] Changes to ref refs/heads/master

Paul Wouters paul at vault.libreswan.fi
Wed Oct 28 11:43:54 UTC 2015


New commits:
commit 47e956bd75f170b5c8299e76df4b9aa55d1334c2
Author: Lubomir Rintel <lkundrak at v3.sk>
Date:   Wed Oct 28 12:42:13 2015 +0100

    XAUTH: Don't attempt to read attributes when there's just padding
    
    Libreswan, unlike Cisco, likes to add padding when transform payload attributes
    don't line up to 4-octet boundaries while it doesn't seem to be too happy about
    padding, being non-interoperable with itself (unless "ikepad" is turned off):
    
    002 "conn" #4: modecfg: Sending IP request (MODECFG_I1)
    005 "conn" #4: Received IPv4 address: 10.0.0.10/32
    005 "conn" #4: Received IP4 NETMASK 255.255.255.255
    005 "conn" #4: Received DNS server 8.8.8.8
    005 "conn" #4: Received Domain: yolo
    005 "conn" #4: Received Banner: swag
    005 "conn" #4: Received subnet 192.168.100.156/32, maskbits 32
    003 "conn" #4: not enough room in input packet for ISAKMP ModeCfg attribute (remain=2, sd->size=4)
    
    RFC 2408 3.6 seems to be a bit unclear about how to pad the attributes
    referring to "any padding." Let's just assume anything shorter than four octets
    (minimal attribute size) at the end is padding and don't attempt to read
    through it.
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit 97a165013e67527efbd06d93b0b4993db4820070
Author: Lubomir Rintel <lkundrak at v3.sk>
Date:   Wed Oct 28 12:40:04 2015 +0100

    selinux: support dynamic class/perm discovery
    
    The older API has been deprecated which breaks Werror builds.
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit d4230d050afaee7f988c0e9a8fd50c1190c90127
Author: Lubomir Rintel <lkundrak at v3.sk>
Date:   Wed Oct 28 12:28:20 2015 +0100

    systemd: add socket activation
    
    This fixes a startup race where the tools don't know whether it's safe to use
    the management socket after launching the service.
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit 97544cdfdb3caa7dd088c0064782a2626a99fad9
Author: Lubomir Rintel <lkundrak at v3.sk>
Date:   Wed Oct 28 12:22:33 2015 +0100

    _updown.*: Fix NetworkManager callback
    
    Letting NM know is not just specific to resolver configuration management, NM
    always needs to know if setting up the connection succeeded or timed out.
    
    Moreover, it's probably not a good idea to unset the variables upon disconnect
    as it would be nice if NetworkManager could identify the connection that goes
    down.
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>
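
The padding rule from the XAUTH commit above (47e956bd), sketched as an added example; this is not libreswan's code. It assumes the RFC 2408 section 3.3 attribute layout (AF bit set means a fixed 4-octet type/value attribute, AF bit clear means a 4-octet header followed by a variable-length value), and `count_attrs` is a hypothetical helper name.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ATTR_HDR_LEN 4      /* smallest attribute: 2-octet type + 2-octet length/value */
#define ATTR_AF_TV   0x8000 /* AF bit set: fixed-size type/value attribute */

/* Hypothetical helper: walk an attribute list and return the number of
 * attributes, or -1 if an attribute claims more data than remains.
 * On success *padding holds the count of ignored trailing octets. */
int count_attrs(const uint8_t *buf, size_t len, size_t *padding)
{
    size_t off = 0;
    int n = 0;

    /* Fewer than 4 octets left cannot hold an attribute: treat as padding. */
    while (len - off >= ATTR_HDR_LEN) {
        uint16_t type = (uint16_t)(buf[off] << 8 | buf[off + 1]);
        uint16_t lv   = (uint16_t)(buf[off + 2] << 8 | buf[off + 3]);

        off += ATTR_HDR_LEN;
        if (!(type & ATTR_AF_TV)) {   /* TLV form: lv is the value length */
            if (lv > len - off)
                return -1;            /* truncated value is still an error */
            off += lv;
        }
        n++;
    }
    *padding = len - off;
    return n;
}

int main(void)
{
    /* Constructed sample: one TV attribute, one TLV attribute with a
     * 2-octet value, then 2 octets of padding up to a 4-octet boundary
     * (the remain=2 situation from the log in the commit message). */
    const uint8_t pkt[] = {
        0x80, 0x01, 0x00, 0x05,
        0x00, 0x02, 0x00, 0x02, 0xaa, 0xbb,
        0x00, 0x00,
    };
    size_t pad = 0;
    int n = count_attrs(pkt, sizeof pkt, &pad);

    printf("attributes=%d padding=%zu\n", n, pad);
    return n == 2 && pad == 2 ? 0 : 1;
}
```

Only a tail shorter than one attribute header is skipped; a TLV attribute whose declared length runs past the end of the buffer is still rejected.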


