[Swan-commit] Changes to ref refs/heads/master

[Antony Antony]

New commits:
commit 8d5d0035145bfd565b93a67715a12c893a7964e7
Merge: 11c5018 5ec3000
Author: Antony Antony <antony at phenome.org>
Date:   Sat Dec 16 12:44:37 2017 +0100

    Merge branch 'mobike'
    
    Initial support for IKEv2 MOBIKE, RFC 45555.
    - Responder support MOBIKE probe, with or  without liveness.
    - Initiator send MOBIKE probe with UPDATE_SA_ADDRESSES
    
    The initiator support is expirimental with that subnet 0/0
    Switching from NAT to NO NAT or the viceversa need more work!

commit 5ec30004fd0278aa3452be8e25fe83a5088b9cb7
Author: Antony Antony <antony at phenome.org>
Date:   Thu Dec 14 18:31:16 2017 +0100

    ikev2: MOBIKE check kernel support for XFRM_MIGRATE
    
    when adding a connection with mobike=yes check kernel support.
    To support MOBIKE we need CONFIG_XFRM_MIGRATE && CONFIG_NET_KEY_MIGRATE
    enabled, to migrate kernel/xfrm sa.

commit 91e9a59af8bc5cdd1f15a05208796e887f59701c
Author: Antony Antony <antony at phenome.org>
Date:   Sun Dec 3 22:20:39 2017 +0100

    ikev2: find interface or --listen on new ip/interface
    
    there is new IP address with no 'interface' in pluto, add it.
    Would this pickup a wrong interface on initiator if the other end 0/0
    An address assigned by the server could be the new source address.
    
    may be figure out netlink RTM_ mechanisms to skip server assigned
    address???

commit 074480d542c001dff99b0e8dfdaf2c9af53341e2
Author: Antony Antony <antony at phenome.org>
Date:   Thu Nov 30 14:26:15 2017 +0100

    ikev2: MOBIKE add initiator support
    
    refactor send_informational.
    TODO use it for creating v2D, delete informational message

commit 06b8ebb9b88a5a8f619e277fb72cc7f0f13091c9
Author: Antony Antony <antony at phenome.org>
Date:   Tue Nov 28 19:04:29 2017 +0100

    xfrm: listen to NETLINK_ROUTE messages from kernel.
    
    kernel broadcast IP address changes as NETLINK_ROUTE messages.
    MOBIKE, IKE initiator can take actions based on address changes.
    Initially liste to
     RTM_NEWADDR
     RTM_DELADDR

commit 6e3320a8405f0b2b0b4a97960b82cc02508cfc1c
Author: Antony Antony <antony at phenome.org>
Date:   Mon Nov 6 11:43:29 2017 +0100

    ikev2: responder temp --mobike probe remote-- address to respond
    
    1. Send response of informational exchange, with v2N_UPDATE_SA_ADDRESSES
    to the new address.
    
    After responding forget the new remote address.
    
    2. Also IKEv2 livenes, on responder respond to new temp address
    when the initiator has a new address, and old adress is removed, it
    may send a liveness without MOBIKE payloads. The responder just respond
    to the new address. And do not update st_remote_addr (on responder) yet.
    It would be updated if the initiator send MOBIKE payaload in the
    following exchange.
    
    Initiator use this inforational reply only to
    "determine if the current path is still usable". This is not a
    MOBIKE exchange. A MOBIKE exchange could follow.
    
    See RFC 4555 #3.5.
    Note : this is one of the ways initiator start MOBIKE. There are other
    methods which do not involve such a liveness probe.

commit dabd2aad130b094c40e8e4dff86d3ca33b346f8e
Author: Antony Antony <antony at phenome.org>
Date:   Thu Oct 26 18:13:46 2017 +0200

    ikev2: MOBIKE kernel xfrm migrate
    
    call xfrm migrate to change SA end point of fwd/in/out
    there is reqid off by one hack
    need  XFRMA_ENCAP attribute to SA migration for mobike (kernel 4.13)

commit 960c4eeacae72d1418850e9b2e21842594e32b29
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Oct 26 18:16:29 2017 +0200

    ikev2: MOBIKE informational exchange support
    
    - Support for mobike=yes|no keyword
    - receive / respond to v2N_MOBIKE_SUPPORTED INIT/AUTH exchange
    - receive / respond to v2N_UPDATE_SA_ADDRESSES INFORMATIONAL exchange
    
    TODO: support swaitch from NO NAT to NAT, and NAT to NO NAT
    - Seperating port difference as "NAT update" is not the right thing to do,
    - as it skips mobike update. but even when only port changes, we must

commit 34e1296c44abcdd4ec4d6fed9ac3661a94e9927b
Author: Antony Antony <antony at phenome.org>
Date:   Thu Oct 26 18:12:36 2017 +0200

    testing: MOBIKE tests and related output updates

commit c8ce82726b10874b3a38b9a396af8062f8bc19fb
Author: Antony Antony <antony at phenome.org>
Date:   Fri Dec 8 12:15:00 2017 +0100

    testing: testing/sanitizers/ip-xfrm.sed for ip xfrm
    
    ipsec look sanitizers are different.Those won't catch raw
    "ip xfrm state|pol"

commit efa29950b5f695316f72914c0504379a61f90feb
Author: Antony Antony <antony at phenome.org>
Date:   Fri Dec 1 14:05:57 2017 +0100

    ikev2: refactor ikev2_out_natd to support mobike
    
    mobike initiator has no md, refactor adding natd payloads without md.

commit e359b7c56b9d15b7d9baf93826d522486d8dc113
Author: Antony Antony <antony at phenome.org>
Date:   Wed Nov 29 22:22:33 2017 +0100

    addconn: refactor peer/local IP address lookup part
    
    MOBIKE need the most of netlink address lookup code.
    refactor all of address lookup from addconn, add it to libipsecconf.
    
    Would be nice to clean up a bit more
     change the printf to libreswan log lines
     what is the ppp lookup code out there

commit 86fa2fc862ff4159b6887ad869f204eb6c91bb30
Author: Antony Antony <antony at phenome.org>
Date:   Thu Dec 7 17:43:13 2017 +0100

    pluto: refactor to create delete_oriented_hp()
    
    MOBIKE need delting hp

commit 7ebbc21c6bbd1553cd5c5343f7b0a70d8bd7be39
Author: Antony Antony <antony at phenome.org>
Date:   Fri Dec 1 15:44:12 2017 +0100

    ikev2: make md const to is_msg_response

commit 5fa971b26bf341dd06bdd59ad6c36d0e82e01ff6
Author: Antony Antony <antony at phenome.org>
Date:   Thu Dec 14 15:51:26 2017 +0100

    ikev2: tweak debug log in process_encrypted_informational_ikev2