[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Mon May 29 21:40:06 UTC 2017
New commits:
commit fed7ad38bca037b0c397a3a50eefe932dded0ede
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon May 29 17:38:40 2017 -0400
testing: updated AH test cases for new ID= and ip xfrm pol align4 output
fixup a test case that uses modp for AH which also causes strongswan to send
out some corrupt proposals
commit 2877676933a22a8f8864e5f8ace4f5e07c8ea198
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon May 29 17:34:34 2017 -0400
updated changes
commit 70fac64fa84f00ffd1aec25e77a6629e41582f73
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon May 29 17:31:44 2017 -0400
XFRM: Use proper alignment for IPv4 AH as per RFC4302 Section 3.3.3.2.1
This requires XFRM_ALIGN4 support, which is present since 2.6.39
Warning: this breaks backwards compatibility with older kernels
with XFRM/NETKEY as it does not seem to support both alignment types.
KLIPS work fine with either alignment.
We decided not to add a backwards compatible option for this at this
moment. If you really need to interop with AH and old kernels, let us
know. The better way forward is to use ESP_NULL instead of AH.
More information about the Swan-commit
mailing list