[Swan-commit] Changes to ref refs/heads/master

Paul Wouters paul at vault.libreswan.fi
Sun Mar 4 18:36:59 UTC 2018 

New commits:
commit 4c441f17004a7fba94991c6f156a6805330777b7
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Mar 4 13:33:27 2018 -0500

    testing: add/update newoe-18-poc-cop-port22-both*

commit c691f4bce236a95ff615ff7ffe837731536b05ba
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Mar 4 13:09:26 2018 -0500

    pluto: oppo_instantiate() can be made static.
    
    This commit only moves the code block so no declaration is needed at the top.

commit 10bab7dde1bb2e7b7b9d531af4fab8eff4ca27c3
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Mar 4 13:02:57 2018 -0500

    pluto: recalculate default SPD priority using calculate_sa_prio(c)
    
    Once we instantiate and fill in the details, we need to have a longer
    prefix match priority for the instance compared to the template, so
    packets hit the instance SPD and not the template SPD rule.
    
    The replaced priority creation also could not make a difference between
    static conns, OE conns and OE anon conns. This is now differentiated so
    that SPDs (trap or tunnel!) for static tunnels always wins over OE.
    
    Note for bare shunts where we havent determined a connection yet, we use
    prio 0 (the highest). This is not a change from previous behaviour.

commit 7324356946e282a0c0421d39a0e6560ff499b421
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Mar 4 12:55:27 2018 -0500

    pluto: add protoport support to build_outgoing_opportunistic_connection()
    
    It did not take protoports into consideration, so an OE instance for
    1.2.3.0/24 tcp 0 22 could become confused with 1.2.3.0/24 tcp 22 0 and
    cause a mismatch later on.
    
    note this addition only rejects finding dport mismatches. It is not
    guaranteed to find the most narrow match (eg udp 1234 1234)

commit e4b88ae198c6961fea22a1a0d322500b61b73586
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Mar 4 12:53:06 2018 -0500

    pluto: use braces around OE name of conn that includes protoports

commit 2af1e2b814b472eaf4ab21cfcc7846b192884098
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Mar 4 12:51:36 2018 -0500

    pluto: define SPD groups for SPD priority, eg PLUTO_SPD_* in pluto_constants

More information about the Swan-commit mailing list