[Swan-commit] Changes to ref refs/heads/master

Antony Antony antony at vault.libreswan.fi
Thu Jan 23 16:18:53 UTC 2020


New commits:
commit 0eb656232de07f84ab2e79dfffcd946266e66bc1
Merge: 71939ed 669434d
Author: Antony Antony <antony at phenome.org>
Date:   Thu Jan 23 16:18:10 2020 +0000

    Merge branch 'xfrmi'
    
    Initial support Linux xfrmi, ipsec-ineterface aka xfrmi

commit 669434d8d45efd9eb228f79aa1d1e9e673dc45ee
Author: Antony Antony <antony at phenome.org>
Date:   Thu Jan 23 16:03:59 2020 +0000

    pluto: rename kernel_netlink.* -> programs/pluto/kernel_xfrm.*

commit 5cdf9f0e740abbaf1172594f5a4beb29befd604f
Author: Antony Antony <antony at phenome.org>
Date:   Thu Jan 23 15:57:08 2020 +0000

    build: add USE_XFRM_INTERFACE in userland-cflags.mk

commit c444a377e67780105543a332b9b9f84f565b043f
Author: Antony Antony <antony at phenome.org>
Date:   Thu Jan 23 15:40:36 2020 +0000

    pluto: add xfrmi interface support

commit 7e989fdc6af0bbc4811bc020d6a4671a45d9cd06
Author: Antony Antony <antony at phenome.org>
Date:   Tue Apr 10 22:49:32 2018 +0000

    testing: xfrmi tests v32

commit 92d83f3fe7459df8f74d745785436db54c29f405
Author: Antony Antony <antony at phenome.org>
Date:   Thu Jan 23 10:23:44 2020 +0000

    testing: ip addr show scope global sanitized

commit 4422db05a0c389c1d847c8dc3c1596e7f245a68c
Author: Antony Antony <antony at phenome.org>
Date:   Thu Dec 5 11:15:14 2019 +0000

    testing: sanitizer namespace.sed

commit ddfd3b8324fb1695d6ed90138320d495316f2e2e
Author: Antony Antony <antony at phenome.org>
Date:   Wed Feb 13 22:34:23 2019 +0100

    testing: sanitizer xfrmi.sed

commit 0fc0fdbd7572b5a543f89b5074c8ef5f203791e9
Author: Antony Antony <antony at phenome.org>
Date:   Fri Nov 1 08:59:03 2019 +0000

    packaging: debian and ubuntu jessie,stretch,xenial,bionic,cosmic USE_XFRM_INTERFACE=false
    
    XFRM interface need kernel 4.19 or later.

commit 400638668022deb850cb0d4498f855cd0889dcda
Author: Antony Antony <antony at phenome.org>
Date:   Tue Feb 12 20:39:07 2019 +0100

    build: add USE_XFRM_INTERFACE in userland-cflags.mk
    
    default is no.
    As of this commit fedora28 & 29 ship kernel with xfrmi support,4.20.
    However, it is disabled.  #CONFIG_XFRM_INTERFACE not set
    possibly initiate bugzilla to change that once this code is in
     libreswan master.

commit 94d5da1f949efc8f7514c2ad2b72d47fe38c39e6
Author: Antony Antony <antony at phenome.org>
Date:   Fri Dec 13 07:10:00 2019 +0000

    man: ipsec-interface

commit 0cef5d7f8f5b4faad3896154b17e5bc68d864277
Author: Antony Antony <antony at phenome.org>
Date:   Fri Feb 15 10:02:51 2019 +0100

    updown.netkey: new PLUTO_VIRT_INTERFACE replace exisitng PLUTO_INTERFACE
    
    updown.netkey was assumig PLUTO_INTERFACE is id_rname.
    because kernel_netlink.c set both id_rname = id_vname.
    KLIPS it would be id_vname.
    netkey/xfrm with xfrmi they are different again.
    
    updown.netkey now use PLUTO_VIRT_INTERFACE
    
    PLUTO_INTERFACE is always the real interface.
    PLUTO_VIRT_INTERFACE will be different when using KLIPS or xfrmi,
    otherwise same. This likely won't barke user script that relied on
    PLUTO_INTERFACE.

commit 3fb49aa6a08220ef30e7ea888aaee1fb1b8397d7
Author: Antony Antony <antony at phenome.org>
Date:   Thu Oct 24 19:36:49 2019 +0000

    xfrmi: hack to ignore EAGAIN need more work
    
    add/delete xfrmi seems to get this error. Need further investiation.
    So far no side effects.

commit 67affdf1bcc82ffe07b33eec723b743cf6f07454
Author: Antony Antony <antony at phenome.org>
Date:   Thu Feb 14 19:10:09 2019 +0100

    pluto: xfrmi id_vname and status will show interface: ipsec0 at eth1

commit 32e11cc9b4946ab6e655485993700a67cf4e784a
Author: Antony Antony <antony at phenome.org>
Date:   Fri Apr 13 11:14:18 2018 +0200

    pluto: add xfrmi interface support
    
    initial support for xfrm interface.
    to use this you need kernel with xfrmi enabled, 4.19 or later
    CONFIG_XFRM_INTERFACE=y|m
    
    to see the details: with latest iproute2 5.3 has full support
    ip -d xfrm pol
    ip -d xfrm state
    ip -d link show type xfrm

commit bd7b1d20ba86fc85d662f7d5bd5eca2ed510c032
Author: Antony Antony <antony at phenome.org>
Date:   Wed Oct 23 05:01:17 2019 +0000

    netlink: increase the additional bufferspace to 32KiB
    
    It seems kernel can send us upto 32K, when using RTM_GETLINK and NLM_F_DUMP
    Reading with 16KiB seems to cause error in the concatinated response message.

commit 3c8ec0058c2e33391efcefce143bce00bdd60404
Author: Antony Antony <antony at phenome.org>
Date:   Fri Oct 18 11:13:44 2019 +0000

    xfrm: re-factor xfrm/netlink reply for common use of defaultroute lookup and xfrmi

commit 848ea626f7d73c400a0215c3c523ad28d286173f
Author: Antony Antony <antony at phenome.org>
Date:   Sun Feb 10 21:20:17 2019 +0100

    netlink: low level functions to add attributes to struct nlmsghdr
    
    These functions are from iproute2 source code lib/libnetlink.c
    
    These functions could help refactor kernel_netlink.c's manipulation
    of nlmsghdr too.

commit 71939ede3d3941275bcf0cccbccd3946d4ba4bdf
Author: Antony Antony <antony at phenome.org>
Date:   Thu Aug 29 16:30:17 2019 +0200

    testing: ns.sh use python 16bit sum

commit 43607ab23faeac0e0f34553dd9ef26f740b68066
Author: Antony Antony <antony at phenome.org>
Date:   Wed Oct 9 10:32:53 2019 +0000

    testing: nsrun untested hash

commit 9fcd650f0f8892b46ebd8bed5836f474b05795b5
Author: Antony Antony <antony at phenome.org>
Date:   Tue Jan 21 12:14:12 2020 +0000

    testing: nsrun fix type in east routing table

commit 3ac70722e066ed126707f645c6f53a4a2c5b02e4
Author: Antony Antony <antony at phenome.org>
Date:   Tue Jan 21 12:15:11 2020 +0000

    testing: baseconfig systemd-networkd routing entries cleanup

commit 2246eef4eb910bf68d4609dfe9c2eb104d4cc70d
Author: Antony Antony <antony at phenome.org>
Date:   Wed Jan 22 18:16:24 2020 +0000

    testing: sanitizer all-date-sanitize.sed

commit c854c9e0c16972f6343041a2b447186bdf581338
Author: Antony Antony <antony at phenome.org>
Date:   Tue Oct 29 14:08:37 2019 +0000

    testing: swan-prep disable 500 permission changes db file



More information about the Swan-commit mailing list