[Swan-commit] Changes to ref refs/heads/master
Andrew Cagney
cagney at vault.libreswan.fi
Wed Mar 18 20:52:46 UTC 2020
New commits:
commit 49146d7f227cb570f020fdd2c9100a6fa0675b7a
Merge: 7513a96 e397bef
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Mar 18 16:51:01 2020 -0400
tcp: merge Mayank Totale's TCP encapsulation GSOC-2017 project
Note that this code is still in its early stages.
For instance, the test ikev2-03-basic-rawrsa-tcp will establish an
ESP connection, but only when tested against a very recent linux
kernel; and anything beyond that script tends to be fatal.
The changes break down roughly as:
- add "tcponly" and "tcp-remoteport" to configuration
(are field names ok?)
- add iface_tcp.c to sit along side of iface_udp.c
(don't block while opening TCP connection; don't ref leak)
- modify the initiator to switch from UDP to TCP
(integrate this into the retransmit code?)
- tweak UDP encapsulation path to include TCP encapsulation
- tweak logging to mention UDP and/or TCP
- add WIP tests
Merge branch 'tcp-20191119'
commit e397bef8d4f35a688ba4640378bb49ec2075256a
Author: Andrew Cagney <cagney at gnu.org>
Date: Sat Feb 15 10:36:42 2020 -0500
testing: more TCP tweaks
run dumpcap (tcpdump seems to hang)
don't firewall all - blocks ping response - so need something less
aggressive
commit 9906da3c9db0a56b299393462994b7b020d39fce
Author: Andrew Cagney <cagney at gnu.org>
Date: Sat Feb 15 10:34:05 2020 -0500
tcp: hack NATT (ESPINUDP) xfrm config to also do ESPINTCP
- changes to kernel.c aren't portable
- natt fields should be renamed to encap fields (but then there's
an existing encap field for tunnel vs transport) - too confusing
commit 1afa37b397eeeee1d1daa043e4d085ea892e5bd3
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Feb 14 14:35:14 2020 -0500
tcp: in delete_state() close the FD and delete the event handler
Needs a better way of doing this - for instance assumes it can simply
drop the underlying ip_dev reference.
commit 0695929e513440b0667fc402cdaf1e37db334a15
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Feb 14 14:09:54 2020 -0500
tcp: delete disabled 'sleeping on the job' code - artificial delay between sending TCPIKE and first packet
commit 09676468d26fe8ce0fc18e7aacdc2f492312f264
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Feb 14 14:08:15 2020 -0500
tcp: drop code flip-flopping O_NONBLOCK when reading - only write path has kernel bug
commit 0cd206b42b1ab0f6e1337a8f5e7eeb391bb20063
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Feb 13 21:51:43 2020 -0500
tcp: re-implement I/O code so it works with CONFIG_INET_ESPINTCP=y enabled linux kernel
- send the IKETCP prefix before enabling ESPINTCP, not after.
- drop code adding/stripping the length prefix and using the evbuffer
to accumulate input
ESPINTCP makes the TCP stream behave more like a datagram. The
kernel does the length wrapping; and userland must transfer the
payload as a single operation.
- drop struct kernel's espintcp field
- drop code using a bufferevent write_cb() to trigger closing the
socket - not needed as it is no longer a stream
Known problems:
- kernel rejects writes (at least) when O_NONBLOCK
workaround is to disable O_NONBLOCK during the write call (which
means it is potentially blocking)
- client's connect() call blocks
the server where things really matter (?) shouldn't
- delete_state() needs more work - closing fd(?) and deleting
interface structures
- actual ESP traffic can't work - code is still missing; but it should
mimic the ESPINUDP code path
commit f53cce2ddbc14f982dafb977d2f1043e93b3d44b
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Feb 6 10:32:37 2020 -0500
tcp: remove old esp in tcp enabling code
left over from a merge
commit b066e03a64a208e7da74f75c550d0164415507c6
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Jan 23 21:02:56 2020 -0500
testing tcp: tweak ikev2-03-basic-rawrsa-tcp
- spell out all firewall rules
- don't refer to testing's config
- only allow TCP
- expect ping to work
commit 9fccf22d04c2a1a6dd03791da6d3ecf4559873cd
Author: Andrew Cagney <cagney at gnu.org>
Date: Sat Jan 18 08:29:59 2020 -0500
tcp: cleanup send header construction
When TCP, force the addition of the non-ESP marker, and use
uint16_t (not size_t) to store the network byte-ordered
Packet Length.
commit 88f2113cd3a75ee0dcfcfa49c8429ee2f92c85da
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Jan 16 17:56:17 2020 -0500
testing: update WIP tcp tests to better match current output
commit dbe76570660f4dcc14336a064d79aa824cafc444
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Nov 20 11:00:17 2019 +0800
WIP: hook up Sabrina's API to enable TCP encap on socket using netlink_espintcp()
commit 2ca10c9bfc19784208d9ec2b6091d17e4e3ff0a2
Merge: afae0ca 83a28c7
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Nov 19 16:46:07 2019 -0500
tcp-encap: merge Mayank Totale's GSOC-2017 Project into master
Look for TCP: markers for things that likely need more work.
commit 83a28c7e8df24dcaf6fe8b9963eafdaf85088e42
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Nov 9 13:32:18 2017 +0530
testing: added tcp tests as WIP
commit 6682ce18656aca845051c93c822e5b4ada2d684a
Author: Mayank Totale <mtotale at gmail.com>
Date: Thu Nov 9 13:30:46 2017 +0530
testing: Added TCP-encap changes(GSOC-2017 Project)
Introduced 5 test cases based on previously existing tests
ikev2-05-basic-psk-tcp is the UDP to TCP fallback test
others are using only TCP. 1 is testing rekey, and 1 tests rw-nat
Signed-off-by: Paul Wouters <pwouters at redhat.com>
NOTE: packet flow is still not working due to missing kernel support
commit 226d67df6628015e79fbfc38a60d09ed15b30752
Author: Mayank Totale <mtotale at gmail.com>
Date: Thu Nov 9 13:25:55 2017 +0530
pluto: Add support for RFC 8229 - TCP encap of IKE/ESP (GSOC-2017 Project)
- Add configuration options to listen on TCP and connect to TCP
- Add listening socket and create libevents for it
- Initiate TCP connection when UDP fails
- Recv and send on tcp connection when connected
- Handle all the implementation issues
Signed-off-by: Paul Wouters <pwouters at redhat.com>
Note: Missing kernel TCP ENCAPS code in kernel*.[ch] as we are still
waiting on the kernel patch and documentation on how to mark the
socket for TCP_ENCAPS.
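The RFC 8229 framing that the "cleanup send header construction" and "re-implement I/O code" commit messages refer to, as an added example that is not libreswan code: every message on the TCP stream carries a 16-bit network-order Length that counts itself, and IKE messages additionally carry a 4-byte zero non-ESP marker. The names `frame_ike` and `parse_frame` are hypothetical, and rejecting frames shorter than 6 bytes is a choice made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum frame_kind { FRAME_NEED_MORE, FRAME_BAD, FRAME_IKE, FRAME_ESP };

/* Hypothetical helper: wrap one IKE message as Length | non-ESP marker | IKE.
 * Returns bytes written, or 0 if the frame cannot be represented in a
 * uint16_t Length or does not fit in the output buffer. */
size_t frame_ike(const uint8_t *ike, size_t ike_len, uint8_t *out, size_t out_len)
{
	size_t total = 2 + 4 + ike_len;
	if (ike_len > UINT16_MAX || total > UINT16_MAX || total > out_len)
		return 0;
	uint16_t len = (uint16_t)total;   /* Length counts itself */
	out[0] = (uint8_t)(len >> 8);     /* network byte order */
	out[1] = (uint8_t)(len & 0xff);
	memset(out + 2, 0, 4);            /* non-ESP marker */
	memcpy(out + 6, ike, ike_len);
	return total;
}

/* Hypothetical helper: classify the first frame in buf[0..len).
 * On FRAME_IKE or FRAME_ESP, *body and *body_len describe the payload
 * (marker stripped for IKE) and *used is the number of bytes consumed. */
enum frame_kind parse_frame(const uint8_t *buf, size_t len,
			    const uint8_t **body, size_t *body_len, size_t *used)
{
	static const uint8_t zero[4] = {0};
	if (len < 2)
		return FRAME_NEED_MORE;
	size_t flen = ((size_t)buf[0] << 8) | buf[1];
	if (flen < 2 + 4)
		return FRAME_BAD;       /* no room for a marker or an SPI */
	if (len < flen)
		return FRAME_NEED_MORE; /* TCP delivered a partial frame */
	*used = flen;
	if (memcmp(buf + 2, zero, 4) == 0) {
		*body = buf + 6;        /* IKE: skip Length and marker */
		*body_len = flen - 6;
		return FRAME_IKE;
	}
	*body = buf + 2;            /* ESP: first 4 bytes are the SPI */
	*body_len = flen - 2;
	return FRAME_ESP;
}
```

With a CONFIG_INET_ESPINTCP kernel, as the commit message says, the kernel does the length wrapping, so userland would add only the marker.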