[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Thu Jan 30 09:01:11 UTC 2020
New commits:
commit e562ffc1bd8084e28dcdfe15d89a76463b21c833
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Jan 29 20:58:43 2020 +0100
testing: updated TESTLIST
commit 7b3aa77bf5ecfd94003b64d00cdc02f4a8a84410
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Jan 29 19:07:17 2020 +0100
testing: added certoe-20-bareshunts-slash32
commit 6e5474c971c60e55fbc77778bc1f6a508811104b
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Jan 29 19:23:09 2020 +0100
testing: added certoe-19-bareshunts-expire
commit cd56ea6eddcca50ecc3f19a68af93ea6b44aeb7b
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Jan 29 19:21:07 2020 +0100
testing: updated certoe-18-pass-then-go-slash24
commit edbe26ccd2ccc3020002847ff565d3f9af8e9674
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Jan 28 17:49:54 2020 +0100
IKEv2: On XFRM, do not try to delete (replaced) bare shunt
The XFRM based IPsec kernel already replaces the shunt with the IPsec
tunnel policy. Also requires special handling of /32 policy entries
where the bare shunt that expires needs to re-instate a new %trap
policy for the OE /32 conn that it replaced while acting as shunt.
commit d7b4fbd7a9ec248f8b0ab5c73989910361f32f5d
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Jan 28 22:14:50 2020 +0100
pluto: fixup comment
commit 605b6f8a1a0c6238401e10df9ab3c9b14e45bdb7
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Jan 28 16:11:46 2020 +0100
IKEv2: in success_v2_state_transition(), delete any obsoleted bare shunts
What usually happens is that road connects to east and gets a failure.
Road installs a pass and sends cleartext to east. At some later point,
east is fixed, and east will get triggered by traffic to do OE. When
road installs the resulting IPsec SA, it should clear any bare shunts
it has from previously.
Note that when deleting bare shunts with XFRM, the next commit is also
required.
commit 8a19606251c2e4e36a3ab955b4800a45dac3485d
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Jan 28 16:11:12 2020 +0100
testing: updated certoe-18-pass-then-go-slash24
More information about the Swan-commit
mailing list