[Swan-commit] Changes to ref refs/heads/master

Andrew Cagney cagney at vault.libreswan.fi
Wed Mar 18 20:52:46 UTC 2020 

New commits:
commit 49146d7f227cb570f020fdd2c9100a6fa0675b7a
Merge: 7513a96 e397bef
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Mar 18 16:51:01 2020 -0400

    tcp: merge Mayank Totale's TCP encapsulation GSOC-2017 project
    
    Note that this code is still in its early stages.
    
    For instance, the test ikev2-03-basic-rawrsa-tcp will to establish an
    ESP connection, but only when tested against a very recent linux
    kernel; and anything beyond that script tends to be fatal.
    
    The changes break down roughly as:
    
    - add "tcponly" and "tcp-remoteport" to configuration
      (are field names ok?)
    
    - add iface_tcp.c to sit along side of iface_udp.c
      (don't block while opening TCP connection; don't ref leak)
    
    - modify the initiator to switch from UDP to TCP
      (integrate this into the retransmit code?)
    
    - tweak UDP encapsulation path to include TCP encapsulation
    
    - tweak logging to mention UDP and/or TCP
    
    - add WIP tests
    
    Merge branch 'tcp-20191119'

commit e397bef8d4f35a688ba4640378bb49ec2075256a
Author: Andrew Cagney <cagney at gnu.org>
Date:   Sat Feb 15 10:36:42 2020 -0500

    testing: more TCP tweaks
    
    run dumpcap (tcpdump seems to hang)
    don't firewall all - blocks ping response - so need something less
    agressive

commit 9906da3c9db0a56b299393462994b7b020d39fce
Author: Andrew Cagney <cagney at gnu.org>
Date:   Sat Feb 15 10:34:05 2020 -0500

    tcp: hack NATT (ESPINUDP) xfrm config to also do ESPINTCP
    
    - changes to kernel.c aren't portable
    - natt fields should be renamed to encap fields (but then there's
      an existing encap field for tunnel vs transport) - too confusing

commit 1afa37b397eeeee1d1daa043e4d085ea892e5bd3
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Feb 14 14:35:14 2020 -0500

    tcp: in delete_state() close the FD and delete the event handler
    
    Needs a better way of doing this - for instance assumes it can simply
    drop the underlying ip_dev reference.

commit 0695929e513440b0667fc402cdaf1e37db334a15
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Feb 14 14:09:54 2020 -0500

    tcp: delete disabled 'sleeping on the job' code - artifical delay between sending TCPIKE and first packet

commit 09676468d26fe8ce0fc18e7aacdc2f492312f264
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Feb 14 14:08:15 2020 -0500

    tcp: drop code flip-flopping O_NOBLOCK when reading - only write path has kernel bug

commit 0cd206b42b1ab0f6e1337a8f5e7eeb391bb20063
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Feb 13 21:51:43 2020 -0500

    tcp: re-implement I/O code so it works with CONFIG_INET_ESPINTCP=y enabled linux kernel
    
    - send the IKETCP prefix before enabling ESPINTCP, not after.
    
    - drop code adding/stripping the length prefix and using the evbuffer
      to accumulate input
    
      ESPINTCP make the TCP stream behave more like a datagram.  The
      kernel does the length wrapping; and userland must transfer the
      payload as a single operation.
    
    - drop struct kernel's espintcp field
    
    - drop code using a bufferevent write_cb() to trigger closing the
      socket - not needed as it is no longer a stream
    
    Known problems:
    
    - kernel rejects writes (at least) when O_NONBLOCK
    
      workaround is to disabling O_NONBLOCK during the write call (which
      means it is potentially blocking)
    
    - client's connect() call blocks
    
      the server where things really matter (?) shouldn't
    
    - delete_state() needs more work - closing fd(?) and deleting
      interface structures
    
    - actual ESP traffic can't work - code is still missing; but it should
      mimic the ESPINUDP code path

commit f53cce2ddbc14f982dafb977d2f1043e93b3d44b
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Feb 6 10:32:37 2020 -0500

    tcp: remove old esp in tcp enabling code
    
    left over from a merge

commit b066e03a64a208e7da74f75c550d0164415507c6
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Jan 23 21:02:56 2020 -0500

    testing tcp: tweak ikev2-03-basic-rawrsa-tcp
    
    - spell out all firewall rules
    - don't refer to testing's config
    - only allow TCP
    - expect ping to work

commit 9fccf22d04c2a1a6dd03791da6d3ecf4559873cd
Author: Andrew Cagney <cagney at gnu.org>
Date:   Sat Jan 18 08:29:59 2020 -0500

    tcp: cleanup send header construction
    
    When TCP force the addition of the non-ESP marker, and use
    uint16_t (not size_t) to store the network byte-ordered
    Packet Length.

commit 88f2113cd3a75ee0dcfcfa49c8429ee2f92c85da
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Jan 16 17:56:17 2020 -0500

    testing: update WIP tcp tests to better match current output

commit dbe76570660f4dcc14336a064d79aa824cafc444
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Nov 20 11:00:17 2019 +0800

    WIP: hook up Sabrina's API to enable TCP encap on socket using netlink_espintcp()

commit 2ca10c9bfc19784208d9ec2b6091d17e4e3ff0a2
Merge: afae0ca 83a28c7
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Nov 19 16:46:07 2019 -0500

    tcp-encap: merge Mayank Totale's GSOC-2017 Project into master
    
    Look for TCP: markers for things that likely need more work.

commit 83a28c7e8df24dcaf6fe8b9963eafdaf85088e42
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Nov 9 13:32:18 2017 +0530

    testing: added tcp tests as WIP

commit 6682ce18656aca845051c93c822e5b4ada2d684a
Author: Mayank Totale <mtotale at gmail.com>
Date:   Thu Nov 9 13:30:46 2017 +0530

    testing: Added TCP-encap changes(GSOC-2017 Project)
    
    Introduced 5 test cases based on previously existing tests
    ikev2-05-basic-psk-tcp is the UDP to TCP fallback test
    others are using only TCP. 1 is testing rekey, and 1 tests rw-nat
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>
    
    NOTE: packet flow is still not working due to missing kernel support

commit 226d67df6628015e79fbfc38a60d09ed15b30752
Author: Mayank Totale <mtotale at gmail.com>
Date:   Thu Nov 9 13:25:55 2017 +0530

    pluto: Add support for RFC 8229- TCP encap of IKE/ESP (GSOC-2017 Project)
    
    - Add configuration options to listen on TCP and connect to TCP
    - Add listening socket and create libevents for it
    - Inititate TCP connection when UDP fails
    - Recv and send on tcp connection when connected
    - Handle all the implementation issues
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>
    
    Note: Missing kernel TCP ENCAPS code in kernel*.[ch] as we are still
    waiting on the kernel patch and documentation on how to mark the
    socket for TCP_ENCAPS.

More information about the Swan-commit mailing list