[Swan-commit] Changes to ref refs/heads/master

Paul Wouters paul at vault.libreswan.fi
Fri Sep 4 02:00:26 EEST 2015


New commits:
commit 2b99eda962886889189cbbcc05ff094b318f91b7
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Sep 3 18:54:34 2015 -0400

    pluto: IKEv2 don't log bogus RC_SERIOUS log message
    
    Due to the redesign in how ikev2parent_inI1outR1() called
    ikev2_find_host_connection() we had a logging artifact that for AUTH_NULL
    would log the following RC_LOG_SERIOUS messages before successfully
    establishing a tunnel:
    
    Sep  3 15:55:48: packet from 10.236.54.80:500: initial parent SA message received on 10.236.54.8:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW
    Sep  3 15:55:48: packet from 10.236.54.80:500: initial parent SA message received on 10.236.54.8:500 but no connection has been authorized with policy PSK+IKEV2_ALLOW
    Sep  3 15:55:48: "private-or-clear#10.0.0.0/8"[2] ...10.236.54.80 #5: negotiated tunnel [10.236.54.8,10.236.54.8:0-65535 0] -> [10.236.54.80,10.236.54.80:0-65535 0]
    
    This commit changes those RC_LOG_SERIOUS messages into DBG messages,
    and adds a more generic RC_LOG_SERIOUS log message in the caller:
    
    "initial parent SA message received on %s:%u but no suitable connection found with IKEv2 policy of RSASIG, PSK or AUTH_NULL",
    
    I'm not sure if we should even keep this as an RC_LOG_SERIOUS message
    though, as it is a denial of service on the logs, and we have turned
    most of these into DBG messages. But turning this into DBG might result
    in a complete lack of understanding when run without debugging.

commit 8d6aa89c6288030de8661145492f573976f48ef9
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Sep 3 18:25:43 2015 -0400

    updated CHANGES


