[Swan-commit] Changes to ref refs/heads/master

Paul Wouters paul at vault.libreswan.fi
Thu Jan 30 09:01:11 UTC 2020 

New commits:
commit e562ffc1bd8084e28dcdfe15d89a76463b21c833
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jan 29 20:58:43 2020 +0100

    testing: updated TESTLIST

commit 7b3aa77bf5ecfd94003b64d00cdc02f4a8a84410
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jan 29 19:07:17 2020 +0100

    testing: added certoe-20-bareshunts-slash32

commit 6e5474c971c60e55fbc77778bc1f6a508811104b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jan 29 19:23:09 2020 +0100

    testing: added certoe-19-bareshunts-expire

commit cd56ea6eddcca50ecc3f19a68af93ea6b44aeb7b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Jan 29 19:21:07 2020 +0100

    testing: updated certoe-18-pass-then-go-slash24

commit edbe26ccd2ccc3020002847ff565d3f9af8e9674
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 28 17:49:54 2020 +0100

    IKEv2: On XFRM, do not try to delete (replaced) bare shunt
    
    The XFRM based IPsec kernel already replaces the shunt with the IPsec
    tunnel policy. Also requires special handling of /32 policy entries
    where the bare shunt that expires needs to re-instate a new %trap
    policy for the OE /32 conn that it replaced while acting as shunt.

commit d7b4fbd7a9ec248f8b0ab5c73989910361f32f5d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 28 22:14:50 2020 +0100

    pluto: fixup comment

commit 605b6f8a1a0c6238401e10df9ab3c9b14e45bdb7
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 28 16:11:46 2020 +0100

    IKEv2: in success_v2_state_transition(), delete any obsoleted bare shunts
    
    What usually happens is that road connects to east and gets a failure.
    Road installs a pass and sends cleartext to east. At some later point,
    east is fixed, and east will get triggered by traffic to do OE. When
    road installs the resulting IPsec SA, it should clear any bare shunts
    it has from previously.
    
    Note that when deleting bare shunts with XFRM, the next commit is also
    required.

commit 8a19606251c2e4e36a3ab955b4800a45dac3485d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 28 16:11:12 2020 +0100

    testing: updated certoe-18-pass-then-go-slash24

More information about the Swan-commit mailing list