[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Fri Jun 5 15:55:58 UTC 2020
New commits:
commit 1d966fb74d7940d4ba1fe99404c73cc8210d941d
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jun 5 11:50:43 2020 -0400
testing: swan-prep workaround for kernel ICMP Acquire bug
This affects KVM/QEMU, not namespace based testing.
It sets net.ipv4.ping_group_range to the "old" value of only allowing
root the make icmp messages. Newer code allows this setting to allow
non-root uids to create ICMP echo packets. But it changes the code path
by going no longer going through a RAW socket.
But with a RAW socket, raw_probe_proto_opt is calle which sets the type
and code. IPv6 apparently does not have a similar issue.
More information about the Swan-commit
mailing list